⚛️ Building a cyber threat intelligence knowledge management system using Grakn
Knowledge of cyber threats is a key focus in many areas of cybersecurity. Adapting intrusion detection systems, building relevant red team scenarios, guiding incident response activities, providing a more effective risk assessment through better knowledge of threat agents: all of these require a deep understanding of the issues related to the relevant cyber threats and their associated human and technical elements. During this talk, we will describe how we are using the hyper-relational data model, the logical inferences and the core features of Grakn to build an application (openCTI) allowing organizations to manage their cyber threat intelligence knowledge and technical observables. We will go through the data model and the implementation of nested relations, and give you an overview of how you can create powerful applications using Grakn.
Don't forget to check out the openCTI project here --> www.opencti.io
Cyber threat intelligence: maturity and metrics
Mark Arena
From SANS Cyber Threat Intelligence Summit 2016. What are the characteristics of a mature cyber threat intelligence program, and how do you develop meaningful metrics? Traditionally, intelligence has been about providing decision support to executives, whilst the field of cyber threat intelligence supports this customer and also network defenders, who have different requirements. By using the intelligence cycle, this talk will seek to help attendees understand how they can identify what a mature intelligence program looks like and the steps to take their program to the next level.
Threat hunting - Every day is hunting season
Ben Boyd
Breakout Presentation by Ben Boyd during the 2018 Nebraska Cybersecurity Conference.
Introduction to Threat Hunting and helpful steps for building a Threat Hunting Program of any size, from small to massive.
"Cyberhunting" actively looks for signs of compromise within an organization and seeks to control and minimize the overall damage. This rare but essential breed of enterprise cyber defenders gives proactive security a whole new meaning.
Check out the accompanying webinar: http://www.hosting.com/resources/webinars/?commid=228353
Cyber Threat Intelligence is a process in which information from different sources is collected, then analyzed to identify and detect threats against any environment. The information collected could be evidence-based knowledge that could support the context, mechanism, indicators, or implications about an already existing threat against an environment, and/or the knowledge about an upcoming threat that could potentially affect the environment. Credit: Marlabs Inc
Effective Threat Hunting with Tactical Threat Intelligence
Dhruv Majumdar
How to set up a Threat Hunting Team for Active Defense utilizing Cyber Threat Intelligence and how CTI can help a company grow and improve its security posture.
How to Hunt for Lateral Movement on Your Network
Sqrrl
Once inside your network, most cyber-attacks go sideways. They progressively move deeper into the network, laterally compromising other systems as they search for key assets and data. Would you spot this lateral movement on your enterprise network?
In this training session, we review the various techniques attackers use to spread through a network, which data sets you can use to reliably find them, and how data science techniques can be used to help automate the detection of lateral movement.
Your adversaries continue to attack and get into companies. You can no longer rely on alerts from point solutions alone to secure your network. To identify and mitigate these advanced threats, analysts must become proactive in identifying not just indicators, but attack patterns and behavior. In this workshop we will walk through a hands-on exercise with a real-world attack scenario. The workshop will illustrate how advanced correlations from multiple data sources and machine learning can enhance security analysts' capability to detect and quickly mitigate advanced attacks.
Recently, NTT published the Global Threat Intelligence Report 2016 (GTIR). This year’s report focused both on the changes in threat trends and on how security organizations around the world can use the kill chain to help defend the enterprise.
Turning threat intelligence data from multiple sources into actionable, contextual information is a challenge faced by many organizations today. The Global Threat Intelligence Platform provides increased efficiency, reduces risks and focuses on global coverage with accurate and up-to-date threat intelligence.
This presentation was given at Carnegie Mellon University by Kenji Takahashi, VP of Product Management, Security at NTT Innovation Institute.
In our webinar "What is Threat Hunting and why do you need it?" we discussed the following key points:
1. What Threat hunting is.
2. Why it is becoming so popular and what kinds of attacks are making it necessary.
3. What the challenges are.
4. Threat Hunting and Investigation services for attacks.
5. Case studies.
Find out more on https://www.pandasecurity.com/business/adaptive-defense/?utm_source=slideshare&utm_medium=social&utm_content=SM_EN_WEB_adaptive_defense&track=180715
Advanced Persistent Threats (APTs) are a serious concern as they represent a threat to an organization’s intellectual property, financial assets and reputation. In some cases, these threats target critical infrastructure and government institutions, thereby threatening the country’s national security itself.
MITRE’s ATT&CK is a community-driven knowledge base and model for cyber adversary behavior, reflecting the various phases of an adversary’s life cycle and the platforms they are known to target. By scoping the wide breadth of the MITRE ATT&CK matrix to focus initially on the techniques used by the threat actors you specifically care about, you can help defenders create the most useful and impactful detections first. Once you start emulating the appropriate threat actors, you can practice your defenses in a scenario that’s more realistic and applicable without the need for an actual intrusion. The speakers provide a process and a case study of APT3 - a China-based threat group - for how to go from finding threat intelligence, sifting through it for actionable techniques, creating emulation plans, discovering how to emulate different techniques... to actually operating on a network. They also provide a beginning "cheat sheet" for this actor to give red and blue teams a starting point for exercising these techniques in their own environment without the need to build their own tooling.
Cyber Threat Intelligence and Incident Response, by Sandeep Singh
OWASP Delhi
The broad list of topics includes (but is not limited to):
- What is Threat Intelligence?
- Types of Threat Intelligence
- Intelligence Lifecycle
- Threat Intelligence - Classification & Vendor Landscape
- Threat Intelligence Standards (STIX, TAXII, etc.)
- Open Source Threat Intel Tools
- Incident Response
- Role of Threat Intel in Incident Response
- Bonus Agenda
MITRE ATT&CKcon 2018: Hunters ATT&CKing with the Data, Roberto Rodriguez, Spe...
MITRE - ATT&CKcon
With the development of the MITRE ATT&CK framework and its categorization of adversary activity during the attack cycle, understanding what to hunt for has become easier and more efficient than ever. However, organizations are still struggling to understand how they can prioritize the development of hunt hypotheses, assess their current security posture, and develop the right analytics with the help of ATT&CK. Even though there are several ways to utilize ATT&CK to accomplish those goals, only a few focus primarily on the data that is currently being collected to drive the success of a hunt program.
This presentation shows how organizations can benefit from mapping their current visibility, from a data perspective, to the ATT&CK framework. It focuses on how to identify, document, standardize and model currently available data to enhance a hunt program. It presents an updated ThreatHunter-Playbook, a Kibana ATT&CK dashboard and a new project named Open Source Security Events Metadata (OSSEM), and expands on the “data sources” section already provided by ATT&CK for most of the documented adversarial techniques.
Threat Hunting Procedures and Measurement Matrice
Vishal Kumar
This document will provide the basics of Cyber Threat Hunting and answer some questions such as: What is Threat Hunting? What is the importance of Threat Hunting? How can it be started?... Bla..Bla..Bla...
Threat Modeling is a structured activity for identifying and managing the threats to objects such as applications.
Threat Modeling – also called Architectural Risk Analysis – is an essential step in the development of your application.
Without it, your protection is a shot in the dark.
Presentation of the paper "Primers or Reminders? The Effects of Existing Review Comments on Code Review" published at ICSE 2020.
Authors:
Davide Spadini, Gül Calikli, Alberto Bacchelli
Link to the paper: https://research.tudelft.nl/en/publications/primers-or-reminders-the-effects-of-existing-review-comments-on-c
The Cytoscape Cyberinfrastructure (CI) extends Cytoscape and its community into web-connected services. The CI is a Service Oriented Architecture that supports network-biology-oriented computations that can be orchestrated into repeatable workflows.
Advanced Virtual Assistant Based on Speech Processing Oriented Technology on ...
ijtsrd
With the advancement of technology, the need for virtual assistants is increasing tremendously. The development of virtual assistants is booming on all platforms; Cortana and Siri are some of the best examples. We focus on improving the efficiency of a virtual assistant by reducing the response time for a particular action. The primary development criterion of any virtual assistant is a simple UI for the assistant on all platforms with the core functionality in the backend, so that it can perform well in a multi-platform or cross-platform manner by applying the same backend code to all platforms. We take a different research approach in this paper: we give the computation and processing power to the edge devices themselves, so that they can perform actions in a short period. Consider the normal working of a typical virtual assistant: it takes a command from the user, transfers that command to the backend server, analyzes it on the server, transfers the action or result back to the end user and finally returns a response. If we could do all of this on a single machine, the response time would be reduced by a considerable amount. In this paper, we develop a new algorithm by keeping a local database for speech recognition and creating various helpful functions to perform particular actions on the end device.
Akhilesh L, "Advanced Virtual Assistant Based on Speech Processing Oriented Technology on Edge Concept (S.P.O.T)", published in International Journal of Trend in Scientific Research and Development (ijtsrd), ISSN: 2456-6470, Volume-4, Issue-6, October 2020. URL: https://www.ijtsrd.com/papers/ijtsrd33289.pdf Paper URL: https://www.ijtsrd.com/computer-science/realtime-computing/33289/advanced-virtual-assistant-based-on-speech-processing-oriented-technology-on-edge-concept-spot/akhilesh-l
Internet of Things (IoT) - in the cloud or rather on-premises?
Guido Schmutz
You want to implement a Big Data or Internet of Things (IoT) solution and would like to know whether it should be implemented in the cloud or on-premises. You are interested in the cloud offerings of vendors, what benefits they provide, and whether a similar solution would not be possible on-premises.
This presentation deals with this and other questions. Starting from a vendor-independent reference architecture and corresponding design patterns, different cloud solutions from various vendors are compared and rated. Additionally, it will be shown how such a solution could be implemented on-premises and what a hybrid IoT solution could look like.
Independent of the source of the data, the integration of event streams into an Enterprise Architecture is getting more and more important in the world of sensors, social media streams and the Internet of Things. Events have to be accepted quickly and reliably, and they have to be distributed and analysed, often with many consumers or systems interested in all or part of the events. Depending on the size and quantity of such events, this can quickly be in the range of Big Data. How can we efficiently collect and transmit these events? How can we make sure that we can always report on historical events? How can these new events be integrated into a traditional infrastructure and application landscape?
Starting with a product- and technology-neutral reference architecture, we will then present different solutions using Open Source frameworks and the Oracle Stack, both for on-premises as well as the cloud.
Using Data Science & Serverless Python to find apartment in Toronto
Daniel Zivkovic
See how Ian Whitestone (Data Scientist at Shopify) created Domi – #Toronto Apartment Finder app, using #Serverless Framework #Zappa for #Python on #AWS, #PostGIS, #Slack, and some #Regression Techniques: https://www.youtube.com/watch?v=JE_zEqe7M_8
http://ServerlessToronto.org thanks https://www.linkedin.com/company/trend-micro for catering, https://www.linkedin.com/company/myplanethq for hosting, and https://www.linkedin.com/company/manning-publications-co for book giveaways!
In this workshop we looked at best practices for using React Native, such as the organization of files and folders and communication with back-end services, in the context of a real project like Planet App for IoT management of the neighborhood.
Title: The Trinity in Exponential Technologies: Open Source, Blockchain and Microsoft Azure.
This talk will explore how Open Source, Blockchain and the Microsoft Cloud provide the best combination of emerging technologies by means of a perfect synergy in terms of technological shift as well as ecosystem collaboration, with a special focus on Blockchain enterprise solutions and use cases. It will also provide insightful information about best practices, common mistakes and the use of Azure as a managed Blockchain platform (BaaS – Blockchain as a Service).
"Defensive techniques and tools keep getting better, and therefore the creation of implants that are not detected is a harder and more time-consuming task that every Red Team operator has to go through. Focusing on the network detection field: recent Intrusion Detection Systems (IDS) that use new network analysis techniques can easily detect some of our handcrafted implants by analyzing connection fingerprints from both the client and server side. In some environments, techniques like Deep Packet Inspection can map our implants to possible threats to be addressed.
In this talk, I provide solutions that can be used on implants: a modified TLS Go package that allows circumventing tools like JA3 by providing desired fingerprints that help mimic legitimate client software, egress to Gmail servers, and techniques like steganography/encryption to hide obvious payloads. All these ideas are tailored into new network modules for the Siesta Time Framework, to help automate the creation of desired implants. As a finale, possible new defensive techniques to improve tools like JA3 will be explained."
Edge computing and the Internet of Things bring great promise, but often just getting data from the edge requires moving mountains. Let's learn how to make edge data ingestion and analytics easier using StreamSets Data Collector Edge, an ultralight, platform-independent and small-footprint Open Source solution written in Go for streaming data from resource-constrained sensors and personal devices (like medical equipment or smartphones) to Apache Kafka, Amazon Kinesis and many others. This talk includes an overview of the SDC Edge main features, supported protocols and available processors for data transformation, insights on how it solves some challenges of traditional approaches to data ingestion, pipeline design basics, a walk-through of some practical applications (Android devices and Raspberry Pi) and its integration with other technologies such as StreamSets Data Collector, Apache Kafka, Apache Hadoop, InfluxDB and Grafana. The goal here is to make attendees ready to quickly become IoT data intake and SDC Edge Ninjas.
Speaker
Guglielmo Iozzia, Big Data Delivery Manager, Optum (United Health)
apidays LIVE Australia 2021 - Tracing across your distributed process boundar...
apidays
apidays LIVE Australia 2021 - Accelerating Digital
September 15 & 16, 2021
Tracing across your distributed process boundaries using OpenTelemetry
Dasith Wijes, Senior Consultant at Microsoft (Azure Cloud & AI Team)
Similar to Building a Cyber Threat Intelligence Knowledge Management System (Paris August 2019)
Building Biomedical Knowledge Graphs for In-Silico Drug Discovery
Vaticle
The rapid development and spread of analytical tools in the biomedical sciences has produced a variety of information about all sorts of biological components and their functions. Though important individually, their biological characteristics need to be understood in relation to the interactions they have with other biological components, which requires the integration of vast amounts of complex, semantically rich, heterogeneous data.
Traditional systems are inadequate at accurately modelling and handling data at this scale and complexity, making solutions that speed up the integration and querying of such data a necessity.
In this talk, we present various approaches being used in organisations to build biomedical computational pipelines to address these problems using tools such as Machine Learning and TypeDB. In particular, we discuss how to create an accurate and scalable semantic representation of molecular level biomedical data by presenting examples from drug discovery, precision medicine and competitive intelligence.
Speaker: Tomás Sabat
Tomás is the Chief Operating Officer at Vaticle, dedicated to building a strongly-typed database for intelligent systems. He works directly with TypeDB's open source and enterprise users so they can fulfil their potential with TypeDB and change the world. He focuses mainly on life sciences, cyber security, finance and robotics.
Loading a lot of data into a graph database is not a trivial exercise. TypeDB Loader (formerly known as GraMi) was developed to allow large-scale data import into TypeDB, a strongly-typed database. Recent improvements have immensely simplified the configuration interface to allow for easier data importing, while maintaining features and the promise of loading huge amounts of data into TypeDB as fast as possible.
Natural Language Interface to Knowledge Graph
Vaticle
Natural language interfaces (NLI) offer end-users an easy and convenient way to query ontology-based knowledge graphs. They automatically generate database queries based on their natural language inputs, avoiding the need for the end user to learn different query languages. NLIs can be used with REST APIs to facilitate and enrich the interactions with knowledge graphs, in domains such as interactive root cause analysis (RCA), dynamic dashboard generation, and Online Transactional Processing (OLTP).
In this talk, you'll learn about a natural language interface built with a TypeDB server running on a Raspberry Pi 4. This application offers a conversational bot assistant with Cisco Webex for an efficient and flexible way to facilitate human-machine interactions. In particular, this talk will demonstrate how natural language inputs are translated into TypeQL queries using Abstract Syntax Trees that represent the syntactic structure discovered during the Named Entity Recognition (NER) analysis of the textual inputs, provided by Rasa 2.X running on an Intel Celeron J3455 mini PC.
A Data Modelling Framework to Unify Cyber Security Knowledge
Vaticle
Cyber security companies collect massive amounts of heterogeneous data coming from a huge number of sources. These describe hundreds of different data types, such as vulnerabilities, observables, incidents, and malware. While this data is highly complex (with many types of relations, type hierarchies, and rules), its structure doesn't significantly change between organisations. However, without a publicly available data model, organisations end up modelling the same data in different ways: in other words, reinventing the wheel and wasting their resources. This modelling complexity makes scaling cyber security applications extremely difficult.
That's why efforts are underway to provide ready-made solutions for typical cyber security use cases which provide the flexibility to expand for the specific requirements of individual setups. The combination of those efforts has created a lot of inter-related knowledge silos (e.g. CVE, CAPEC, CWE, CVSS, Cocoa, MITRE, VERIS, STIX, MAEC). To unify these silos, various ontologies have been proposed by researchers, with different levels of granularity - from specific use cases like defence exercises, to more comprehensive cases like the UCO project.
During this talk, you’ll learn about the OmnibusCyber Project, an open-source, ready-made solution that aggregates cyber security knowledge silos, based on TypeDB. TypeDB’s framework offers the expressivity, safety, and inference properties required to implement a knowledge graph without the complexity associated with the OWL/RDF semantic frameworks.
Unifying Space Mission Knowledge with NLP & Knowledge Graph
Vaticle
Synopsis
The number of space missions being designed and launched worldwide is growing exponentially. Information on these missions, such as their objectives, orbit, or payload, is disseminated across various documents and datasets. Facilitating access to this information is key to accelerating the design of future missions, enabling experts to link an application to a mission, and following various stakeholders' activities.
This presentation introduces recent research done at the ESA to combine the latest Language Models with Knowledge Graphs, unifying our knowledge on space missions. Language Models such as GPT-3 and BERT are trained to understand the patterns of human (natural) language. These models have revolutionised the field of NLP, the branch of AI enabling machines to understand human language in all its complexity. In this work, key information on a mission is parsed from documents with the GPT-3 model, and the parsed data is then migrated to a TypeDB Knowledge Graph to be easily queried. Although this work focuses on an application in the space sector, the method can be transferred to other engineering fields.
Presenters
Dr. Audrey Berquand is a Research Fellow at the ESA. Her research aims at enhancing space mission design and knowledge management with text mining, NLP, and Knowledge Graphs. She was awarded her PhD in 2021 from the University of Strathclyde (Scotland) for her thesis on “Text Mining and Natural Language Processing for the Early Stages of Space Mission Design”. Audrey has a background in space systems engineering: she holds an MSc in Aerospace Engineering from the Royal Institute of Technology KTH (Sweden) and a diplôme d'ingénieur from the EPF Graduate School of Engineering (France). Before diving into the world of AI, she spent 3 years at ESA being involved in the early design phases of future Earth Observation missions.
Ana Victória Ladeira works with Knowledge Management at the ESA, using automated methods to exploit the information contained in the piles and piles of documents that ESA generates every day. With a Masters degree in Data Science from Maastricht University, Ana is particularly excited about how NLP methods can help large organizations connect different documents and highlight the bigger picture over a big universe of data sources, as well as using Knowledge Graphs to help connect people to the expertise and information they need.
Talk Summary:
State-of-the-art AI approaches can struggle to create solutions which provide accurate results that stand the test of time. They are also plagued by problems such as bias and a lack of explainability. Causal AI addresses these key problems and is at the center of the Geminos Causeway platform, which is built on TypeDB.
This webinar will give you an introduction to why causal AI is so important, and how you can start to use it to drive more value for your organisation.
Speaker: Stuart Frost
Stu is the CEO and founder of Geminos. Their focus is on building AI-driven solutions for mid-sized Smart Manufacturing and Logistics companies that are frustrated by their inability to digitalize their operations at sensible cost. Stu has 30 years’ experience in founding and leading successful data management and analytics startups, starting at 26 when he founded SELECT Software Tools and led it to a NASDAQ IPO in 1996. He then founded DATAllegro in 2003, which was acquired by Microsoft.
Building a Cyber Threat Intelligence Knowledge Graph (Vaticle)
Knowledge of cyber threats is a key focus in cyber security. In this talk, we present TypeDB CTI, an open source threat intelligence platform to store and manage such knowledge. It enables Cyber Threat Intelligence (CTI) professionals to bring together their disparate CTI information into one platform, enabling them to more easily manage such data and discover new insights about cyber threats.
We will describe how we use TypeDB to represent STIX 2.1, the most widely used language and serialization format for exchanging cyber threat intelligence. We cover how we leverage TypeDB's modelling constructs such as type hierarchies, nested relations, hyper relations, unique attributes, and logical inference to build this threat intelligence platform.
Speaker: Tomás Sabat
Tomás is the Chief Operating Officer at Vaticle. He works closely with TypeDB's open source and enterprise users who use TypeDB to build applications in a wide number of industries including financial services, life sciences, cyber security and supply chain management. A graduate of the University of Cambridge, Tomás has spent the last seven years founding and building businesses in the technology industry.
Knowledge Graphs for Supply Chain Operations.pdf (Vaticle)
Agility in supply chain operations has never been so important, especially with today's nonlinear and complex world. That is why companies with supply chains need knowledge graphs.
So how do enterprises unleash the power of their own supply chain data to make smarter decisions? This is where bops comes into play. Bops activates supply chain data from existing operating systems (ERPs, POS, OMS, etc.), simplifying how operators optimize working capital in every decision.
In this session, bops will showcase a few use cases that portray the power of a knowledge graph to represent a supply chain network composed of an end to end product flow driven by actions among plants, customers and suppliers.
Supply chain operations visibility:
- Story of a Product and an SKU: from raw material to finished goods, track & trace, and bill-of-material deviations
- Story of a Supplier – risk assessments – “the most influential supplier”
- Story of a Process – anomaly detection – “what went wrong?”
Join us for a lively discussion to learn how using knowledge graphs is already helping supply chain companies to better collect, unify, and activate their data.
Speaker: Jorge Risquez
Jorge is the Co-founder and CEO of bops, a headless supply chain intelligence platform helping manufacturers and distributors source, make, and deliver their products, and unlock working capital. Previously, Jorge spent a decade as a Supply Chain Consultant for Deloitte, where he worked with Fortune 500 companies such as Tyson and Cargill. In his spare time, he enjoys going for a run in Central Park and spending time with family and friends.
Building a Distributed Database with Raft.pdf (Vaticle)
Applications running in production have much higher requirements. Not only do they need to be correct, they also need to be "always-on", handle a much bigger user load, and be secure.
Meet TypeDB Cluster, the TypeDB database for production-scale, built using the Raft replication algorithm. Join us for a walk through the underlying architecture and what value it brings to developers running an application at scale.
Speaker: Ganeshwara Henanda
Ganesh leads the development of TypeDB Cluster while also managing other aspects such as infrastructure and project management. His day-to-day work involves building concurrent and distributed algorithms such as Raft and the Actor Model.
He graduated with an MSc in Grid Computing from the University of Amsterdam, and has built several large-scale distributed and real-time systems throughout his career.
Enabling the Computational Future of Biology.pdf (Vaticle)
Computational biology has revolutionised biomedicine. The volume of data it is generating is growing exponentially. This requires tools that enable computational and non-computational biologists to collaborate and derive meaningful insights. However, traditional systems are inadequate to accurately model and handle data at this scale and complexity.
In this talk, we discuss how TypeDB enables biologists to build a deeper understanding of life, and increase the probability of groundbreaking discoveries, across the life sciences.
Speaker: Tomás Sabat
Tomás is the Chief Operating Officer at Vaticle. He works closely with TypeDB's open source and enterprise users who use TypeDB to build applications in a wide number of industries including financial services, life sciences, cybersecurity and supply chain management. A graduate of the University of Cambridge, Tomás has spent the last seven years founding and building businesses in the technology industry.
Build your skills and learn how TypeDB's native inference engine works.
Good for:
- Beginners to TypeDB and TypeQL
- Those who have been using TypeDB and want a refresher on inference in TypeDB
- Experienced software engineers
- Those who want to better represent their domain in a model that allows for logical reasoning at the database level
Description:
TypeDB is capable of reasoning over data via pre-defined rules. TypeQL rules look for a given pattern in the database and when found, infer the given queryable fact. The inference provided by rules is performed at query (run) time. Rules not only allow shortening and simplifying of commonly-used queries, but also enable knowledge discovery and implementation of business logic at the database level.
Takeaways:
- Understanding of fundamental components of TypeDB's inference engine and how to write rules for your domain
- Write at least 1 rule for your use case
- Utilise the rule you wrote in a query
Tomás Sabat:
Tomás is the Chief Operating Officer at Vaticle, dedicated to building a strongly-typed database for intelligent systems. He works directly with TypeDB's open source and enterprise users so they can fulfil their potential with TypeDB and change the world. He focuses mainly on life sciences, cyber security, finance and robotics.
Join the TypeDB community to learn how we think about data modelling, and how TypeDB's expressivity allows you to model your domain based on logical and object-oriented programming principles.
Good for:
- Engineers, scientists, and technical executives
- Those in a technical field working with complex datasets, and building intelligent systems
- Anyone curious to learn about the expressive power of TypeDB's data model
Description:
We open this training with an exploration into what a schema looks like in TypeDB, starting with clarifying the motivation for the conceptual model in TypeDB, and its relationship to the Enhanced Entity-Relationship model.
Then we break things down a bit more philosophically, delving into: what does it mean to represent data in TypeDB, and how TypeDB allows you to think higher-level, as opposed to join-tables, columns, documents, vertices, edges, and properties.
Takeaways:
- Be able to articulate why TypeDB's data model is so beneficial for complex data, and why we use it to build intelligent systems
- Write a TypeDB schema in TypeQL
- Practice modelling one of your own domains
Tomás Sabat:
Tomás is the Chief Operating Officer at Vaticle, dedicated to building a strongly-typed database for intelligent systems. He works directly with TypeDB's open source and enterprise users so they can fulfil their potential with TypeDB and change the world. He focuses mainly on life sciences, cyber security, finance and robotics.
Using SQL to query relational databases is easy. As a declarative language, it’s straightforward to write queries and build powerful applications. However, relational databases struggle when working with complex data: the challenges arise in both the modelling and the querying of such data in SQL.
For example, the large number of necessary JOINs forces us to write long and verbose queries. Such queries are difficult to write and prone to mistakes.
TypeQL is the query language used in TypeDB. Just as SQL is the standard query language in relational databases, TypeQL is TypeDB's query language. It’s a declarative language, and allows us to model, query and reason over our data.
In this talk, we will look at how TypeQL compares to SQL. Why and when should you use TypeQL over SQL? How do we do outer/inner joins in TypeQL? We'll look at the common concepts, but mostly talk about the differences between the two.
Speaker: Tomás Sabat
Tomás is the Chief Operating Officer at Vaticle. He works closely with TypeDB's open source and enterprise users who use TypeDB to build applications in a wide number of industries including financial services, life sciences, cybersecurity and supply chain management. A graduate of the University of Cambridge, Tomás has spent the last seven years founding and building businesses in the technology industry.
TypeDB Academy: Getting Started with Schema Design (Vaticle)
In this TypeDB Academy, we start by gaining an understanding of the fundamental components of TypeDB's type system and what makes it unique. We will see how we can download, install, and run TypeDB, and learn to perform basic database operations.
We'll then explore what a schema looks like in TypeDB, starting with clarifying the motivation for schema, the conceptual schema of TypeDB, and its relationship to the Enhanced Entity-Relationship model.
Good for:
- Beginners to TypeDB and TypeQL
- Those who have been using TypeDB and want a refresher on schema and TypeQL
- Experienced database administrators and software engineers
Takeaways:
- Understanding of fundamental components of TypeDB
- How to download, install, and run TypeDB on your computer
- Be able to articulate why schema is so beneficial when using TypeDB, why we use one, and how it enables a more expressive model
- Write a TypeDB schema in TypeQL
Comparing Semantic Web Technologies to TypeDB (Vaticle)
Semantic Web technologies enable us to represent and query very complex and heterogeneous datasets. We can add semantics and reason over large bodies of data on the web. However, despite the large amount of educational material available, they have failed to achieve mass adoption outside academia.
TypeDB works at a higher level of abstraction and enables developers to be more productive when working with complex data. TypeDB is easier to learn, reducing the barrier to entry and enabling more developers to access semantic technologies. Instead of using a myriad of standards and technologies, we just use one language - TypeQL.
In this talk we will:
- look at how TypeQL compares to Semantic Web standards, specifically RDF, SPARQL, RDFS, OWL and SHACL.
- cover questions such as, how do we represent hyper-relations in TypeDB? How does one use rdfs:domain and rdfs:range in TypeDB? And how do the modelling philosophies compare?
Speaker: Tomás Sabat
Tomás is the Chief Operating Officer at Vaticle. He works closely with TypeDB's open source and enterprise users who use TypeDB to build applications in a wide number of industries including financial services, life sciences, cyber security and supply chain management. A graduate of the University of Cambridge, Tomás has spent the last seven years founding and building businesses in the technology industry.
How might we utilise an actor-based execution model to build a powerful yet elegant reasoning engine?
Actors are an asynchronous, inherently parallel framework that forms the basis of some of the most computationally heavy systems in the world. By leveraging this in an event-driven model, we can build an execution engine that makes efficient use of all available hardware resources to answer your reasoning queries.
We'll visit the key ideas behind actors, and then walk through how we break reasoning into neat, actor-sized building blocks. As we do this, it will become clear how our marriage of reasoning and actors naturally produces a scalable and elegant execution engine. By examining the problem of reasoning from an actor-based lens, we'll be able to better understand the complexities of reasoning and visualise bottlenecks and optimisations.
Intro to TypeDB and TypeQL | A strongly-typed database (Vaticle)
TypeDB is a strongly-typed database. It provides a rich and logical type system which breaks down complex problems into meaningful and logical systems, using TypeQL as its query language.
TypeDB allows you to model your domain based on logical and object-oriented principles. Composed of entity, relationship, and attribute types, as well as type hierarchies, roles, and rules, TypeDB allows you to think higher-level, as opposed to join-tables, columns, documents, vertices, and edges.
Types describe the logical structures of your data, allowing TypeDB to validate that your code inserts and queries data correctly. Query validation goes beyond static type-checking, and includes logical validation that rejects meaningless queries. With strict type-checking errors, you have a dataset that you can trust.
Finally, TypeDB encodes your data for logical interpretation by its reasoning engine. It enables type-inference and rule-inference, which create logical abstractions of data. This allows for the discovery of facts and patterns that would otherwise be too hard to find.
With these abstractions, queries in the tens to hundreds of lines in SQL or NoSQL databases can be written in just a few lines in TypeQL – collapsing code complexity by orders of magnitude.
Join Tomás from the Vaticle team where he'll discuss the origins of TypeDB, the impetus for inventing a new query language, TypeQL, and why we are so excited about the future of software and intelligent systems.
Tomás Sabat:
Tomás is the Chief Operating Officer at Vaticle, dedicated to building a strongly typed database for intelligent systems. He works directly with TypeDB's open source and enterprise users so they can fulfil their potential with TypeDB and change the world. He focuses mainly on life sciences, cyber security, finance and robotics.
Graph Databases vs TypeDB | What you can't do with graphs (Vaticle)
Developing with graph databases has a number of challenges, such as the modelling of complex schemas, and maintaining data consistency in your database.
In this talk, we discuss how TypeDB addresses these challenges, as well as how it compares to property graph databases. We’ll look at how to read and write data, how to model complex domains, and TypeDB’s ability to infer new data.
The main differences between TypeDB and graph databases can be summarised as:
1. TypeDB provides a concept-level schema with a type system that fully implements the Entity-Relationship (ER) model. Graph databases, on the other hand, use vertices and edges without integrity constraints imposed in the form of a schema
2. TypeDB contains a built-in inference engine - graph databases don’t provide native inferencing capabilities
3. TypeDB is an abstraction over a graph, and leverages a graph database under the hood to create a higher-level model, while graph databases work at different levels of abstraction
Tomás Sabat
Tomás is the Chief Operating Officer at Vaticle. He works closely with TypeDB's open source and enterprise users who use TypeDB to build applications in a wide number of industries including financial services, life sciences, cyber security and supply chain management. A graduate of the University of Cambridge, Tomás has spent the last seven years founding and building businesses in the technology industry.
In this seminar we use TypeDB to open a window on the Pandora Papers, a massive 'data tsunami' based on 11.9 million leaked source documents obtained by the International Consortium of Investigative Journalists (ICIJ).
We will use an automated query builder to get an initial set of results, and then hop from node to node, exploring neighbours and mapping out a suspicious-looking network of offshore shell companies, officers and intermediaries.
Speaker: Jon Thompson
Jon has an MSc in Applied Mathematics and has worked for several years as a Data Scientist in high-throughput biological sequencing. He is the founder of Nodelab, which is on a mission to provide a fully-featured graphical user interface experience for TypeDB.
Heterogeneous data holds significant inherent context. We would like our machine learning models to understand this context, and utilise this ancillary but critical information to improve the accuracy and versatility of our models.
How can we systematically make use of context in Machine Learning?
We delve in and investigate the knowledge modelling techniques which, applied with the right ML strategies, give us a promising approach for robustly handling heterogeneous data in large knowledge models. We aim to do this in a way that allows us to build any Machine Learning models, including graph learning models like our KGCN.
Speaker: James Fletcher, Vaticle
James comes from a background of Computer Vision, specialising in automated diagnostics. As Principal Scientist at Vaticle, his mission is to demonstrate to the world how traditional symbolic approaches to AI, built-in to TypeDB, can be combined with present-day research in machine learning.
The Art of the Pitch: WordPress Relationships and Sales (Laura Byrne)
Clients don’t know what they don’t know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if something changes?
All these questions and more will be explored as we talk about matching clients’ needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips and strategies for successful relationship building that leads to closing the deal.
UiPath Test Automation using UiPath Test Suite series, part 4 (DianaGray10)
Welcome to UiPath Test Automation using UiPath Test Suite series part 4. In this session, we will cover Test Manager overview along with SAP heatmap.
The UiPath Test Manager overview with SAP heatmap webinar offers a concise yet comprehensive exploration of the role of a Test Manager within SAP environments, coupled with the utilization of heatmaps for effective testing strategies.
Participants will gain insights into the responsibilities, challenges, and best practices associated with test management in SAP projects. Additionally, the webinar delves into the significance of heatmaps as a visual aid for identifying testing priorities, areas of risk, and resource allocation within SAP landscapes. Through this session, attendees can expect to enhance their understanding of test management principles while learning practical approaches to optimize testing processes in SAP environments using heatmap visualization techniques.
What will you get from this session?
1. Insights into SAP testing best practices
2. Heatmap utilization for testing
3. Optimization of testing processes
4. Demo
Topics covered:
Execution from the test manager
Orchestrator execution result
Defect reporting
SAP heatmap example with demo
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Elevating Tactical DDD Patterns Through Object Calisthenics (Dorra BARTAGUIZ)
After immersing yourself in the blue book and its red counterpart, attending DDD-focused conferences, and applying tactical patterns, you're left with a crucial question: How do I ensure my design is effective? Tactical patterns within Domain-Driven Design (DDD) serve as guiding principles for creating clear and manageable domain models. However, achieving success with these patterns requires additional guidance. Interestingly, we've observed that a set of constraints initially designed for training purposes remarkably aligns with effective pattern implementation, offering a more ‘mechanical’ approach. Let's explore together how Object Calisthenics can elevate the design of your tactical DDD patterns, offering concrete help for those venturing into DDD for the first time!
Transcript: Selling digital books in 2024: Insights from industry leaders - T... (BookNet Canada)
The publishing industry has been selling digital audiobooks and ebooks for over a decade and has found its groove. What’s changed? What has stayed the same? Where do we go from here? Join a group of leading sales peers from across the industry for a conversation about the lessons learned since the popularization of digital books, best practices, digital book supply chain management, and more.
Link to video recording: https://bnctechforum.ca/sessions/selling-digital-books-in-2024-insights-from-industry-leaders/
Presented by BookNet Canada on May 28, 2024, with support from the Department of Canadian Heritage.
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo... (James Anderson)
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (the CI/CD process) involves many tools, distributed teams, open-source code, and cloud platforms. A constant focus on speed to market, combined with traditionally slow and manual security checks, has left gaps in continuous security, an important piece of the software supply chain. Today organizations feel more susceptible to external and internal cyber threats because of the vast attack surface in their application supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerabilities and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of existing vulnerabilities, preventing the introduction of security issues into the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024 (Albert Hoitingh)
In this session I delve into the encryption technology used in Microsoft 365 and Microsoft Purview, including the concepts of Customer Key and Double Key Encryption.
JMeter webinar - integration with InfluxDB and Grafana (RTTS)
Watch this recorded webinar about real-time monitoring of application performance. See how to integrate Apache JMeter, the open-source leader in performance testing, with InfluxDB, the open-source time-series database, and Grafana, the open-source analytics and visualization application.
In this webinar, we will review the benefits of leveraging InfluxDB and Grafana when executing load tests and demonstrate how these tools are used to visualize performance metrics.
Length: 30 minutes
Session Overview
-------------------------------------------
During this webinar, we will cover the following topics while demonstrating the integrations of JMeter, InfluxDB and Grafana:
- What out-of-the-box solutions are available for real-time monitoring JMeter tests?
- What are the benefits of integrating InfluxDB and Grafana into the load testing stack?
- Which features are provided by Grafana?
- Demonstration of InfluxDB and Grafana using a practice web application
To view the webinar recording, go to:
https://www.rttsweb.com/jmeter-integration-webinar
Securing your Kubernetes cluster: a step-by-step guide to success! (KatiaHIMEUR1)
Today, after several years of existence, an extremely active community and an ultra-dynamic ecosystem, Kubernetes has established itself as the de facto standard in container orchestration. Thanks to a wide range of managed services, it has never been so easy to set up a ready-to-use Kubernetes cluster.
However, this ease of use means that the subject of security in Kubernetes is often left for later, or even neglected. This exposes companies to significant risks.
In this talk, I'll show you step-by-step how to secure your Kubernetes cluster for greater peace of mind and reliability.
Essentials of Automations: Optimizing FME Workflows with Parameters (Safe Software)
Are you looking to streamline your workflows and boost your projects’ efficiency? Do you find yourself searching for ways to add flexibility and control over your FME workflows? If so, you’re in the right place.
Join us for an insightful dive into the world of FME parameters, a critical element in optimizing workflow efficiency. This webinar marks the beginning of our three-part “Essentials of Automation” series. This first webinar is designed to equip you with the knowledge and skills to utilize parameters effectively: enhancing the flexibility, maintainability, and user control of your FME projects.
Here’s what you’ll gain:
- Essentials of FME Parameters: Understand the pivotal role of parameters, including Reader/Writer, Transformer, User, and FME Flow categories. Discover how they are the key to unlocking automation and optimization within your workflows.
- Practical Applications in FME Form: Delve into key user parameter types including choice, connections, and file URLs. Allow users to control how a workflow runs, making your workflows more reusable. Learn to import values and deliver the best user experience for your workflows while enhancing accuracy.
- Optimization Strategies in FME Flow: Explore the creation and strategic deployment of parameters in FME Flow, including the use of deployment and geometry parameters, to maximize workflow efficiency.
- Pro Tips for Success: Gain insights on parameterizing connections and leveraging new features like Conditional Visibility for clarity and simplicity.
We’ll wrap up with a glimpse into future webinars, followed by a Q&A session to address your specific questions surrounding this topic.
Don’t miss this opportunity to elevate your FME expertise and drive your projects to new heights of efficiency.
Neuro-symbolic is not enough, we need neuro-*semantic* (Frank van Harmelen)
Neuro-symbolic (NeSy) AI is on the rise. However, simply machine learning on just any symbolic structure is not sufficient to really harvest the gains of NeSy. These will only be gained when the symbolic structures have an actual semantics. I give an operational definition of semantics as “predictable inference”.
All of this is illustrated with link prediction over knowledge graphs, but the argument is general.
DevOps and Testing slides at DASA Connect (Kari Kakkonen)
Rik Marselis' and my slides from the 30.5.2024 DASA Connect conference. We discuss what testing is, then what agile testing is and finally what Testing in DevOps is. Finally we had a lovely workshop with the participants, trying to find out different ways to think about quality and testing in different parts of the DevOps infinity loop.
Building a Cyber Threat Intelligence Knowledge Management System (Paris August 2019)
1. Building a management system for cyber threat intelligence knowledge using OpenCTI
Paris Meetup, 27th August 2019
2. SPEAKERS
Samuel Hassine (@SamuelHassine), Head of Cyber Threat Intelligence @ ANSSI (ssi.gouv.fr)
Julien Richard (@richardjulien), VP of Engineering @ YOOI (yooi.com)
Co-founders of Luatix: openex.io, luatix.org, opencti.io
3. THE STORY
WHY OPENCTI
WHY WE/YOU NEED A SOFTWARE LIKE THIS
HOW TO START THE PROJECT
YOU CANNOT DEVELOP ALONE
HOW GRAKN EMPOWERS OPENCTI
READY TO USE GRAKN FOR YOUR PROJECT?
WHAT’S NEXT FOR OPENCTI
HEY SAM, YOUR MODEL LOOKS LIKE A GRAPH DOESN’T IT?
DECISION CRITERIA, LEARN AND DISCOVER THE POWER
EVERYTHING HAS A PRICE. PERFECTION DOES NOT EXIST
LOOKING FOR A STANDARD AND FIRST IMPLEMENTATION
IT’S JUST THE BEGINNING, WE WANT TO DO MORE
4. WHY OPENCTI
Provide knowledge about threat actors of interest:
Intelligence for partner CTI teams
Indicators and signatures for SOC teams
Tactics, techniques and procedures for DFIR teams
Behaviors to help prioritize EDR and IDS development roadmaps
Red team scenarios for hacker and pentester teams
Daily work of a CTI analyst:
Investigate adversary behaviors, arsenals and infrastructures
Pivoting on technical elements
Correlating behaviors and finding patterns
< KNOWLEDGE REQUIRES KNOWLEDGE MANAGEMENT >
6. WHY OPENCTI
Knowledge issues to solve
From a strategic level...
Victimology of an intrusion set or a threat actor over time.
Tactics and procedures of a campaign targeting a specific sector.
Reuse of legitimate tools in malicious code families.
Campaigns targeting an organization or sector over time.
to an operational one.
Observables linked to a specific threat and evolution over time.
Clusters of malicious artefacts and enrichment (hosters, registrars, etc.).
< NEEDED ANSWERS >
7. WHY OPENCTI
Today in the CTI world, long live unstructured data!
[Diagram: Partners, Vendors, OSINT and SIGINT sources each say "We have intel!"; the CTI analyst enriches and investigates them to produce intelligence]
< CTI ANALYSTS ARE NOT LIBRARIANS >
8. WHY OPENCTI
A complex role in a complex workflow
Cyber threat intelligence is not doomed to be only the main data source of the security detection chain and associated to guys who produce reports that may be read.
9. HOW TO START THE PROJECT
Functional needs
According to this context, we need:
Structured and organized storage of information related to cyber threats
Unified data space between all levels of information, from operational to strategic
Traceability of the source of all capitalized information
Viewing, sharing and correlation features
10. HOW TO START THE PROJECT
From unstructured to structured!
STIX2 is the most accurate data model that currently exists to store cyber threat intelligence knowledge.
Storage of TTPs can be done with any framework (ATT&CK, KillChain, NSA, custom, etc.). A connector fully integrates Enterprise ATT&CK and Pre-ATT&CK.
Think the data model
https://oasis-open.github.io/cti-documentation/stix/intro
https://attack.mitre.org
< STIX2 RULES >
11. HOW TO START THE PROJECT
STIX2 in a nutshell
{
  "id": "intrusion-set--bef4c620-0787-42a8-a96d-b7eb6e85917c",
  "type": "intrusion-set",
  "name": "APT28",
  "aliases": [
    "APT28",
    "Sednit",
    "Sofacy",
    "Fancy Bear"
  ],
  "description": "APT28 is a threat group that has been attributed to Russia's Main Intelligence Directorate of the Russian General Staff by a July 2018 U.S. Department of Justice indictment.",
  "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
  "modified": "2019-07-27T00:09:33.254Z",
  "created": "2017-05-31T21:31:48.664Z",
  "object_marking_refs": [
    "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
  ]
}
STIX2 is composed of entities, embedded relationships and relationships.
[Figure: the Intrusion Set entity with its embedded relations (created_by_ref, object_marking_refs) and a "uses" relationship leaving it.]
12. HOW TO START THE PROJECT
STIX2 in a nutshell
{
  "id": "malware--af2ad3b7-ab6a-4807-91fd-51bcaff9acbb",
  "type": "malware",
  "name": "USBStealer",
  "description": "USBStealer is malware that has been used by APT28 since at least 2005 to extract information from air-gapped networks.",
  "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
  "modified": "2018-10-17T00:14:20.652Z",
  "created": "2017-05-31T21:33:17.716Z",
  "object_marking_refs": [
    "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
  ]
}
{
  "id": "relationship--d26b3aeb-972f-471e-ab59-dc1ee2aa532e",
  "type": "relationship",
  "relationship_type": "uses",
  "description": "APT28 uses USBStealer.",
  "source_ref": "intrusion-set--bef4c620-0787-42a8-a96d-b7eb6e85917c",
  "target_ref": "malware--af2ad3b7-ab6a-4807-91fd-51bcaff9acbb",
  "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
  "modified": "2019-07-27T00:09:36.949Z",
  "created": "2017-05-31T21:33:27.041Z",
  "object_marking_refs": [
    "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
  ]
}
[Figure: the Malware entity and the "uses" Relationship object; both carry embedded relations (created_by_ref, object_marking_refs), and the relationship's source_ref / target_ref are embedded relations pointing at the two entities.]
13. HOW TO START THE PROJECT
Let’s start something with MongoDB
Why
Community works on importing ATT&CK STIX2 data to MongoDB
Support for embedded documents in a document (created_by_ref, object_marking_refs, etc…)
Simple JSON document import
Interesting query language and full text search feature
Proof of concept
How
REST API architecture, backend in PHP / Symfony and frontend in ReactJS
Home made Symfony library to handle STIX2 objects and relationships in MongoDB
Relationships are documents with an embedded link to source and target documents
< CODING…. >
https://www.mongodb.com
14. HOW TO START THE PROJECT
Proof of concept
Create a new identity with the corresponding document class.
Use a Symfony form to create entities and store them.
< CALL JULIEN >
15. HOW TO START THE PROJECT
Proof of concept
Does this approach suit you?
Seems really cool, but are you sure about the model and usage of the database? By the way, what do you think if we try a contract-based API backend, using GraphQL and Relay, and real-time collaboration powered by the addition of Redis?
https://graphql.org https://relay.dev https://redis.io
16. NO ONE SUCCEEDS ALONE
STIX2 looks like a graph model
https://freetaxii.github.io/stix2-object-relationships.html
Search “Graph database” in your favorite search engine: Neo4j sounds like the #1 choice
https://neo4j.com
< LET’S GIVE IT A TRY >
First try
17. NO ONE SUCCEEDS ALONE
Looks like a good idea until “the report use case”
Do it on top of Neo4j or JanusGraph? I’m too old for this …
< SO WHAT? FORGET SOMETHING >
[Figure: a REPORT whose object_refs point at the two entities and at the "uses" relationship between them.]
https://janusgraph.org
{
  "id": "report--bef4c621-0787-42a8-a96d-b7eb6e85917c",
  "type": "report",
  "name": "APT28 is using USBStealer since 2012!",
  "description": "APT28 is using USBStealer in a new campaign.",
  "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
  "published": "2019-07-27T00:09:33.254Z",
  "created": "2017-05-31T21:31:48.664Z",
  "object_refs": [
    "intrusion-set--bef4c620-0787-42a8-a96d-b7eb6e85917c",
    "malware--af2ad3b7-ab6a-4807-91fd-51bcaff9acbb",
    "relationship--d26b3aeb-972f-471e-ab59-dc1ee2aa532e"
  ]
}
The report is about APT28 and USBStealer, but it is mostly about the relationship between the 2 entities!
We need a solution for this kind of nested relations…
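To make the three kinds of links concrete (entities, embedded relations such as created_by_ref, and relationship objects), here is an added example, not OpenCTI or stix2 library code, that walks a small STIX2 bundle and resolves every reference. The bundle is constructed for this illustration from the identifiers shown on the slides, with stub identity and marking-definition objects added so that every reference has a target; the helper names (index_bundle, check_refs, nested_relation_refs) are this example's own. The last function picks out exactly the report use case: an embedded reference whose target is itself a relationship.

```python
"""Resolve references in a STIX2 bundle and spot relations about relations."""
import json

# Constructed bundle: the slide objects plus two stubs for the embedded refs.
BUNDLE_JSON = r'''
{
  "type": "bundle",
  "id": "bundle--00000000-0000-4000-8000-000000000000",
  "objects": [
    {"id": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
     "type": "identity", "name": "Example Identity (stub)"},
    {"id": "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168",
     "type": "marking-definition", "definition_type": "tlp"},
    {"id": "intrusion-set--bef4c620-0787-42a8-a96d-b7eb6e85917c",
     "type": "intrusion-set", "name": "APT28",
     "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
     "object_marking_refs": ["marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"]},
    {"id": "malware--af2ad3b7-ab6a-4807-91fd-51bcaff9acbb",
     "type": "malware", "name": "USBStealer",
     "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"},
    {"id": "relationship--d26b3aeb-972f-471e-ab59-dc1ee2aa532e",
     "type": "relationship", "relationship_type": "uses",
     "source_ref": "intrusion-set--bef4c620-0787-42a8-a96d-b7eb6e85917c",
     "target_ref": "malware--af2ad3b7-ab6a-4807-91fd-51bcaff9acbb"},
    {"id": "report--bef4c621-0787-42a8-a96d-b7eb6e85917c",
     "type": "report", "name": "APT28 is using USBStealer since 2012!",
     "object_refs": ["intrusion-set--bef4c620-0787-42a8-a96d-b7eb6e85917c",
                     "malware--af2ad3b7-ab6a-4807-91fd-51bcaff9acbb",
                     "relationship--d26b3aeb-972f-471e-ab59-dc1ee2aa532e"]}
  ]
}
'''


def load_bundle(text=BUNDLE_JSON):
    """Parse a bundle and return its object list."""
    return json.loads(text)["objects"]


def index_bundle(objects):
    """Map STIX id -> object (ids are unique inside a bundle)."""
    return {o["id"]: o for o in objects}


def iter_refs(obj):
    """Yield (property, referenced id) for every embedded reference.

    STIX2 names reference properties *_ref (single) or *_refs (list), so the
    suffix alone identifies an embedded relation.
    """
    for key, value in obj.items():
        if key.endswith("_ref"):
            yield key, value
        elif key.endswith("_refs"):
            for ref in value:
                yield key, ref


def summarize(objects):
    """Count entities, relationship objects and embedded references."""
    return {
        "entities": sum(1 for o in objects if o["type"] != "relationship"),
        "relationships": sum(1 for o in objects if o["type"] == "relationship"),
        "embedded_refs": sum(1 for o in objects for _ in iter_refs(o)),
    }


def check_refs(objects):
    """Dangling references as sorted (object id, property, missing id) tuples."""
    index = index_bundle(objects)
    return sorted((o["id"], prop, ref) for o in objects
                  for prop, ref in iter_refs(o) if ref not in index)


def nested_relation_refs(objects):
    """(object id, relationship id) pairs where an embedded reference points at
    a relationship object: a relation about a relation, the report use case."""
    index = index_bundle(objects)
    return sorted((o["id"], ref) for o in objects
                  for _prop, ref in iter_refs(o)
                  if index.get(ref, {}).get("type") == "relationship")


if __name__ == "__main__":
    objs = load_bundle()
    print(summarize(objs))
    print("dangling:", check_refs(objs))
    print("relations about relations:", nested_relation_refs(objs))
```

Dropping the malware object from the list makes both the relationship's target_ref and the report's object_refs dangle, which is the check an importer should run before writing anything into the knowledge base.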
18. NO ONE SUCCEEDS ALONE
This is not a graph … this is a hypergraph
AtomSpace
https://github.com/opencog/atomspace
http://hypergraphdb.org
https://www.datachemist.com
https://grakn.ai
< LET’S GIVE GRAKN.AI A TRY… AGAIN >
https://en.wikipedia.org/wiki/Hypergraph
19. NO ONE SUCCEEDS ALONE
Hey Samuel! Let’s go with Grakn!
< A RISK WE SHOULD TAKE >
DUDE… REALLY?
Open source / GitHub
First release in 2016
Active community
Good documentation
Confidential but with the feeling that Grakn will solve our future requirements.
Grakn overview
20. OPENCTI ARCHITECTURE
Applications and databases
[Figure: a database as main storage and an indexing store to speed up lists and search; a frontend; an API facing the outside world; a messaging system with subscriptions and push data; workers consuming messages; connectors running background jobs such as importing, exporting, etc.]
21. OPENCTI ARCHITECTURE
“Just” the ordered list of reports by author: one GraphQL query becomes a Graql query plus ES queries, assembled into the GraphQL response.
GraphQL query:
query ReportsLinesPaginationQuery
  ($objectId: String ... $orderBy: ReportsOrdering) {
  reports(objectId: $objectId, ... orderBy: $orderBy) {
    edges {
      node {
        id
        name
        object_status
        published
        createdByRef {
          node {
            name
            id
          }
        }
        markingDefinitions {
          edges {
            node {
              id
              definition
            }
          }
        }
      }
    }
  }
}
Graql query:
match $r isa Report;
$rel(creator:$x, so:$r) isa created_by_ref; $x has name $o;
get $r, $rel, $o; sort $o asc;
offset 0; limit 25;
ES query:
ElasticSearch.get(index:"stix_domain_entities", identifier)
GraphQL response:
{
  "reports": {
    "edges": [
      {
        "node": {
          "name": "2019-01-21: APT28 Autoit Zebrocy Progression",
          "published": "2019-01-21T00:00:00Z",
          "createdByRef": {
            "node": {
              "name": "VK-Intel",
              ...
            }
          }
        }
      }, ...
23. HOW GRAKN EMPOWERS OPENCTI
By enforcing the data model in Grakn, we found many useful features which actually saved us time and spared us new dependencies.
What we loved:
Knowledge schema
Entities, abstract entities and sub entities
Nested relations
Logical inference of relations
Reasoning rules language
Inferred relations computed at runtime
< GRAKN ENABLES NEW OPENCTI FEATURES >
24. HOW GRAKN EMPOWERS OPENCTI
Data model
Stix-Domain sub entity,
  abstract,
  has internal_id,
  has stix_id,
  has stix_label,
  has created,
  has modified,
  has revoked,
  plays so;
Stix-Domain-Entity sub Stix-Domain,
  abstract,
  has name,
  has description,
  has alias;
Intrusion-Set sub Stix-Domain-Entity,
  has first_seen,
  has last_seen,
  has goal,
  has sophistication,
  has resource_level,
  has primary_motivation,
  has secondary_motivation,
  plays attribution,
  plays source,
  plays user,
  plays origin;
25. HOW GRAKN EMPOWERS OPENCTI
Nested relations
[Figure: APT28 localized-in France.]
From a functional point of view, this is not satisfactory. Considering the whole knowledge graph, that’s not correct.
[Figure: APT28 targets Energy (Germany), Energy (France) and Industry (France); Energy, Industry, France and Germany are separate entities.]
27. HOW GRAKN EMPOWERS OPENCTI
Logical inference of relations
[Figure: APT28 attributed-to GRU, APT28 uses XTunnel; the "uses" relation between GRU and XTunnel is an inferred relation.]
## USES RULES
AttributionUsesRule sub rule,
when {
  (origin: $origin, attribution: $entity) isa attributed-to;
  (user: $entity, usage: $object) isa uses;
}, then {
  (user: $origin, usage: $object) isa uses;
};
This is a very important feature since you can have complex use cases with multiple levels of inferences, and use reasoning rules to make your data more meaningful.
Customizable inference rules directly in the UI are on the roadmap!
28. HOW GRAKN EMPOWERS OPENCTI
Nested relations with inferences
[Figure: APT28 targets Energy and Industry; each "targets" relation is itself localized-in France or Germany; the "targets" relations from APT28 to France and to Germany are inferred.]
APT28 has 2 inferred "targets" relations:
targets Germany because it targets Energy in Germany
targets France because it targets Energy or Industry in France
LocalizationOfTargetsRule sub rule,
when {
  $rel(source: $entity, target: $target) isa targets;
  (location: $location, localized: $rel) isa localization;
}, then {
  (source: $entity, target: $location) isa targets;
};
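To show what the two rules above (AttributionUsesRule and LocalizationOfTargetsRule) actually derive, and how a relation can play a role in another relation, here is an added example that is not OpenCTI or Grakn code: a plain-Python forward-chaining loop over an in-memory fact list that runs both rules to a fixpoint. Grakn evaluates its rules at query time, which this does not reproduce; the point is the derivation. Entity and relation names come from the slides; the relation ids t1 and t2, the ROLE_ORDER table and the helper names are this example's own assumptions.

```python
"""Forward-chaining inference reproducing the two Graql rules on the slides."""

# Role order per relation type, used to render a relation as a triple.
ROLE_ORDER = {
    "attributed-to": ("origin", "attribution"),
    "uses": ("user", "usage"),
    "targets": ("source", "target"),
    "localization": ("location", "localized"),
}


def relation(rel_type, rel_id=None, **roles):
    """Build a relation record. A role player is an entity name or, for a
    nested relation, the id of another relation."""
    rec = {"type": rel_type, "roles": roles}
    if rel_id is not None:
        rec["id"] = rel_id
    return rec


def fact_key(rel):
    """Identity used for deduplication: type plus role players (not the id)."""
    return (rel["type"], tuple(sorted(rel["roles"].items())))


def attribution_uses_rule(facts, by_id):
    """(origin: O, attribution: E) isa attributed-to; (user: E, usage: X) isa uses
    => (user: O, usage: X) isa uses."""
    for att in facts:
        if att["type"] != "attributed-to":
            continue
        for use in facts:
            if use["type"] == "uses" and use["roles"]["user"] == att["roles"]["attribution"]:
                yield relation("uses", user=att["roles"]["origin"], usage=use["roles"]["usage"])


def localization_of_targets_rule(facts, by_id):
    """$rel(source: E, target: T) isa targets; (location: L, localized: $rel) isa localization
    => (source: E, target: L) isa targets.
    The "localized" role is played by a relation, not an entity: the nested relation."""
    for loc in facts:
        if loc["type"] != "localization":
            continue
        nested = by_id.get(loc["roles"]["localized"])
        if nested is not None and nested["type"] == "targets":
            yield relation("targets", source=nested["roles"]["source"], target=loc["roles"]["location"])


RULES = (attribution_uses_rule, localization_of_targets_rule)


def infer(base_facts):
    """Apply all rules until nothing new appears. Returns (all facts, inferred facts).
    Candidates are collected per round, so a derivation that depends on another
    inferred relation lands in the next round (multiple levels of inference)."""
    facts = [dict(f) for f in base_facts]
    seen = {fact_key(f) for f in facts}
    by_id = {f["id"]: f for f in facts if "id" in f}
    inferred = []
    changed = True
    while changed:
        changed = False
        candidates = [c for rule in RULES for c in rule(facts, by_id)]
        for cand in candidates:
            if fact_key(cand) in seen:
                continue
            cand["id"] = f"inferred-{len(inferred) + 1}"
            cand["inferred"] = True
            facts.append(cand)
            seen.add(fact_key(cand))
            by_id[cand["id"]] = cand
            inferred.append(cand)
            changed = True
    return facts, inferred


def as_triple(rel):
    """(type, first role player, second role player) following ROLE_ORDER."""
    first, second = ROLE_ORDER[rel["type"]]
    return (rel["type"], rel["roles"][first], rel["roles"][second])


def inferred_triples(base_facts):
    """Sorted triples of every relation the rules derive from base_facts."""
    _, inferred = infer(base_facts)
    return sorted(as_triple(r) for r in inferred)


# Constructed base facts matching the two slide figures.
BASE_FACTS = [
    relation("attributed-to", origin="GRU", attribution="APT28"),
    relation("uses", user="APT28", usage="XTunnel"),
    relation("targets", "t1", source="APT28", target="Energy"),
    relation("targets", "t2", source="APT28", target="Industry"),
    relation("localization", location="Germany", localized="t1"),
    relation("localization", location="France", localized="t1"),
    relation("localization", location="France", localized="t2"),
]

if __name__ == "__main__":
    for triple in inferred_triples(BASE_FACTS):
        print("inferred:", triple)
```

Running it yields exactly the three relations the figures mark as inferred: GRU uses XTunnel, APT28 targets Germany, APT28 targets France (the two French localizations collapse into one relation). Adding a further attributed-to fact pointing at GRU makes the loop take a second round, since that derivation depends on the inferred "GRU uses XTunnel", which is the multi-level behaviour the text refers to.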
29. Ready for a ride?
https://demo.opencti.io
DEMONSTRATION
30. HOW GRAKN EMPOWERS OPENCTI
Query language
match $intrusionSet isa Intrusion-Set;
{$intrusionSet has name "APT28";} or {$intrusionSet has name "Turla";} or {$intrusionSet has name "FIN6";};
$attackPattern isa Attack-Pattern;
$relations($intrusionSet, $attackPattern) isa uses;
get;
31. GRAKN READY FOR PRODUCTION?
Is Grakn ready for complex production use cases? YES!
But today…
No full indexing
We need data indexation for ordering and filtering. The only way we found for now is to use ElasticSearch.
https://www.elastic.co
No database migration
Automatic data migration between major releases in case of a data structure upgrade is a must have. We did it one time and we definitely need a built-in solution.
32. GRAKN READY FOR PRODUCTION?
Is Grakn ready for complex production use cases? YES!
But today…
Lack of syntactic sugar
Grakn provides all the basic interfaces you need to make it work, but it would be very helpful to have more API around update / delete, a query builder, and simpler drivers in various languages.
Difficult inference explanation
Inference is really interesting for OpenCTI, so we already use it as much as possible. We need a simpler/better answer structure for the inference explanation. You should not run into this kind of problem until some advanced usage.
33. WHAT’S NEXT FOR OPENCTI
Medium term
Powerful import, export and storage system
Allow users to interact with nested relations
Automatic data completion and enrichment
Advanced analytics and visualization
34. WHAT’S NEXT FOR OPENCTI
Long term
Implement multiple levels of knowledge in the same context
Use Grakn capabilities to add further correlation features
Implement an investigation graph in the UI using Grakn capabilities
35. WHAT’S NEXT FOR OPENCTI
Graph theory and ML
For investigation purposes
Compute the shortest path:
compute path from V229424, to V446496;
Find the most interesting instances:
compute centrality in [Intrusion-Set, Attack-Pattern, Sector], using degree;
Identify clusters:
compute cluster in [Intrusion-Set, Attack-Pattern, Sector], using connected-component;
For knowledge purposes
Extract named entities and relationships in context using NLP and ML
https://www.microsoft.com/security/blog/2019/08/08/from-unstructured-data-to-actionable-intelligence-using-machine-learning-for-threat-intelligence/
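The three compute queries above (shortest path, degree centrality, connected-component clustering) are easier to reason about on a graph you can see. Here is an added example, not OpenCTI or Grakn code, that re-implements them in plain Python over a small constructed CTI graph: the intrusion-set names are the ones on the slides, while the attack patterns and sectors are made up for the illustration, and the helper names are this example's own. The type filter mirrors the `in [Intrusion-Set, Attack-Pattern, Sector]` clause by restricting a computation to a set of entity types.

```python
"""Shortest path, degree centrality and clusters on a toy CTI knowledge graph."""
from collections import deque

# Constructed edges: (source, relation type, target).
EDGES = [
    ("APT28", "uses", "Spearphishing"),
    ("APT28", "uses", "Credential Dumping"),
    ("APT28", "targets", "Energy"),
    ("Turla", "uses", "Credential Dumping"),
    ("Turla", "targets", "Government"),
    ("FIN6", "uses", "PoS Malware"),
    ("FIN6", "targets", "Retail"),
]

# Constructed entity types, so a computation can be limited to some of them.
NODE_TYPES = {
    "APT28": "Intrusion-Set", "Turla": "Intrusion-Set", "FIN6": "Intrusion-Set",
    "Spearphishing": "Attack-Pattern", "Credential Dumping": "Attack-Pattern",
    "PoS Malware": "Attack-Pattern",
    "Energy": "Sector", "Government": "Sector", "Retail": "Sector",
}


def build_graph(edges, node_types=NODE_TYPES, types=None):
    """Undirected adjacency map; with `types`, keep only nodes of those types."""
    graph = {}
    for src, _rel, dst in edges:
        if types and (node_types[src] not in types or node_types[dst] not in types):
            continue
        graph.setdefault(src, []).append(dst)
        graph.setdefault(dst, []).append(src)
    return graph


def shortest_path(graph, start, goal):
    """Breadth-first search: node list of one shortest path, or None if unreachable."""
    if start == goal:
        return [start]
    parents = {start: None}
    queue = deque([start])
    while queue:
        node = queue.popleft()
        for nxt in graph.get(node, []):
            if nxt in parents:
                continue
            parents[nxt] = node
            if nxt == goal:
                path = [goal]
                while parents[path[-1]] is not None:
                    path.append(parents[path[-1]])
                return path[::-1]
            queue.append(nxt)
    return None


def degree_centrality(graph):
    """(node, degree) pairs, most connected first, ties broken by name."""
    return sorted(((n, len(nbrs)) for n, nbrs in graph.items()),
                  key=lambda item: (-item[1], item[0]))


def connected_components(graph):
    """Clusters of mutually reachable nodes, each sorted, ordered by first node."""
    seen, components = set(), []
    for node in graph:
        if node in seen:
            continue
        comp, stack = [], [node]
        seen.add(node)
        while stack:
            cur = stack.pop()
            comp.append(cur)
            for nxt in graph[cur]:
                if nxt not in seen:
                    seen.add(nxt)
                    stack.append(nxt)
        components.append(sorted(comp))
    return sorted(components)


if __name__ == "__main__":
    g = build_graph(EDGES)
    print("path APT28 -> Government:", shortest_path(g, "APT28", "Government"))
    print("degree centrality:", degree_centrality(g))
    print("clusters:", connected_components(g))
```

On this graph the shortest path from APT28 to the Government sector runs through the shared "Credential Dumping" attack pattern and Turla, which is the kind of pivot an analyst is looking for when two intrusion sets are linked only by tooling; FIN6 forms its own cluster because it shares nothing with the others.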
36. Questions?
Thank you for your attention
github.com/OpenCTI-Platform
Released 2 months ago (2019-06-28)
samuel.hassine@luatix.org julien.richard@luatix.org
Join us on Slack
https://slack.luatix.org
Editor's Notes
Presentation of the speakers
As a CTI team within a CSIRT or a company that has critical assets to protect, we have multiple customers. Because we cannot do anything alone and only with our own data, we have to share our intelligence.
Produce indicators and signatures for Security Operations Center teams
Provide the Tactics, Techniques and Procedures used by intrusion sets of interest to the Digital Forensics and Incident Response team.
Help developers of Endpoint Detection and Response systems or intrusion detection systems to prioritize their roadmaps according to the behaviors we observed in the field or during our investigations
Finally, to make red team scenarios more realistic, we can provide TTPs and payloads we know about.
For all these activities and productions, knowledge is the key focus of our CTI team. And knowledge needs knowledge management!
The knowledge produced by the CTI team is focused on adversaries that may target the organization or the CSIRT constituencies. This pyramid is one of the most comprehensive views of the different types of knowledge an organization has regarding its adversary. The higher you go up the pyramid, the more difficult it is for an adversary to change the piece of knowledge you have on him. But the higher you go, the more this knowledge is human-related. Changing one technique, tactic or procedure may be doable, but completely changing his behavior when moving laterally on a targeted information system is quite challenging.
Qualify
Read / analyze / consolidate all sources
Search indicators and patterns in the SOC logs
Investigate
Investigate implants & adversary infrastructures to complete the initial knowledge
Mix open source information with classified/internal and national partners data
Disseminate
Produce reports to assess campaigns, intrusion sets and threat actors
Common investigation with national partners capabilities and teams
International relations / private partnerships
Get feedback
Find new victims
Enhance the knowledge, get more indicators, investigate again
Hypergraphs generalise the common notion of graphs by relaxing the definition of edges. An edge in a graph is simply a pair of vertices. Instead, a hyperedge in a hypergraph is a set of vertices. Such sets of vertices can be further structured, following some additional restrictions involved in different possible definitions of hypergraphs.