Joining the data held in disparate knowledge bases, including linking MITRE ATT&CK to CVEs, creates a much richer context for intelligence. Let me show you the logic of an open-source tool we built to do just that.

Follow along as I show you how to store 200,000 CVEs as STIX objects, then use CVSS, EPSS, CISA KEV and CPE data to search and filter them.

txt2stix + stix2arango + arango_taxii_server = a robust and flexible setup for storing and distributing cyber threat intelligence you've produced.

After becoming ever-more frustrated by intelligence producers naming the same ransomware slightly differently, and with ATT&CK missing lots of ransomware types, I finally got around to trying to solve the problem.

Developing on last weeks post, I show you how to construct STIX Patterns to automatically flag which products are affected by published CVEs.

I wanted to write detection rules to identify what products are vulnerable to a CVE. In this post I walk you through my research.

Turn card numbers into STIX 2.1 objects. Enrich the data with issuer information. Track transactions made by the card. Then link the cards and transactions to other STIX objects in your research (Actors, Incidents, etc.).

I recently conducted a project to identify the most prolific ransomware based on the ransom payments being made. Let me walk you through how I did it.

Take the list of recognised countries and regions. Create STIX objects for them. Make them available to everyone so that the CTI world has a single way of representing them.

Software, Data Sources, Data Components, Campaigns, and more, make MITRE ATT&CK even more powerful than you might first realise. In this post I uncover the parts of ATT&CK you might not be aware of.