DocIntel - A Context-Centric Cyber Threat Intelligence Platform
An increasing number of documents reporting cyber incidents, vulnerabilities, and novel offensive and defensive techniques are shared on a daily basis among various public and private communities. This collective knowledge needs to be collected, processed and organized so that cyber threat intelligence (CTI) analysts can search and investigate it. The large volume and diversity of the knowledge available form a key challenge for analysts looking to transform the data into actionable knowledge. Expert staffing shortages, employee costs in the cybersecurity industry, expensive fees for commercial data feeds and short deadlines in the fast-paced cybersecurity environment push organizations to find more efficient solutions for managing their threat intelligence.
The proposed talk presents DocIntel, its key concepts and features, and how it is used in a large cyber threat intelligence team. DocIntel is an open-source knowledge platform for collecting, storing, processing, organizing, searching, and disseminating threat intelligence reports. A user-friendly web interface and command-line tools help CTI analysts search and find the relevant information available, while controlling access to sensitive reports. Automated collection and pre-processing of documents reduce the workload of CTI analysts.