Setting Your CTI Process In Motion - ENISA CTI-EU 2022

•

3 likes•1,531 views

This presentation is all about how CTI teams can put their CTI Process in Motion. The presentation took place on 7th December 2022 at ENISA CTI-EU 2022 Conference in Brussels.

Technology

ENISA CTI-EU Conference 2022
Andreas Sfakianakis
CTI Professional

Setting the scene Workflow & Case
Management
Basic Ingredients

Workflow, Coordination
& Collaboration
Knowledge
Management
Metrics

§ Tagging
§ Custom Fields
§ Easy searching and filtering
§ Rate your sources
§ Control access

Management
• Time spent per PIR
• CTI assessments per threat
type/threat actor
• CTI assessments(or time
spent) supporting IR
• Quantitative feedback
received per PIR
• Time spent on RFIs per
stakeholder
Team
• Sources mostly used
• CTI deliverables per PIR
• CTI deliverables per
stakeholder
• Average time spent per
CTI deliverable
• CTI analysts’ workload
• Time spent on CTI projects

Some TIPs
Recommendation is to live off the land (at least at the start of your journey)

Remember
§ Data into buckets
§ Consistency is key
§ Spend time to save time

Request For Information (RFI) Feedback Mechanism

Image from elladocomicodedonquijote.wordpress.com

§A common shortcoming
of CTI teams
§The importance of workflow and
case management
§The basic ingredients

Planning
Collection
Processing
Analysis
Dissemination
Feedback
CTI Process

Andreas Sfakianakis
@asfakian
threatintel.eu / sandgroup.eu
Sharing is caring

Someone deployed their application as a Docker container. Then another someone came along and hacked it. Then everyone starts looking at you asking, "How did this happen?" This talk goes into how to extract the forensics artifacts of a Docker container, both if it was still running on a live system (easy) and if you must start from a cold disk image (harder). A cheatsheet of the high points of this talk is also available here: https://www.didactic-security.com/resources/docker-forensics-cheatsheet.pdf The video of this presentation at BSides RDU 2018 is online here: https://youtu.be/esj_NoTsywU?t=3667

What is ATT&CK coverage, anyway? Breadth and depth analysis with Atomic Red Team

MITRE ATT&CK

From ATT&CKcon 3.0 By Brian Donohue, Red Canary This presentation will highlight the Atomic Red Team project's efforts to define and increase the test coverage of MITRE ATT&CK techniques. We'll describe the challenges we encountered in defining what "coverage" means in the context of an ATT&CK-based framework, and how to use that definition to improve an open source project that's used by a diverse audience of practitioners to satisfy an equally diverse array of needs. The audience will learn how the Atomic Red Team maintainers standardize and categorize atomic tests, perform gap analysis to achieve deep technique-level coverage and broad matrix-level coverage, and quickly fill those gaps with new tests.

Projects to Impact- Operationalizing Work from the Center

MITRE ATT&CK

Threat-Based Adversary Emulation with MITRE ATT&CK

Katie Nickels

It's just a jump to the left (of boom): Prioritizing detection implementation...

MITRE ATT&CK

From ATT&CKcon 3.0 By Lindsay Kaye and Scott Small, Recorded Future Many organizations ask: "Where do I start, and where do I go next" when prioritizing implementation of behavior-based detections? We often hear "use threat intelligence!" but your goals must be qualified and quantified in order to properly prioritize the most relevant TTPs. A wealth of open-sourced, ATT&CK-mapped resources now exists, giving security teams greater access to both detections and red team tests they can implement, but intelligence (also aligned with ATT&CK), is essential to provide necessary context to ensure that detection efforts are focused effectively. This session will discuss a new approach to the prioritization challenge, starting with an analysis of the current defensive landscape, as measured by ATT&CK coverage for more than a dozen detection repositories and technologies, and guidance on sourcing TTP intelligence. The team will then show how real-world defensive strategies can be strengthened by encompassing a full-spectrum view of threat detection, including the implementation of YARA, Sigma, and Snort in security appliances. Critically, alignment of both intelligence and defenses with ATT&CK enables defenders to move the focus of detection efforts to indications of malicious behavior before the final payload is deployed, where controls are most effective at preventing serious damage to the organization.

Threat Hunting Procedures and Measurement Matrice

Vishal Kumar

Tracking Noisy Behavior and Risk-Based Alerting with ATT&CK

MITRE ATT&CK

From ATT&CKcon 3.0 By Haylee Mills, Splunk Having ATT&CK to identify threats, prioritize data sources, and improve security posture has been a huge step forward for our industry, but how do we actualize those insights for better detection and alerting? By shifting to observations of behavior over one-to-one direct alerts, noisy datasets become valuable treasure troves with ATT&CK metadata. Additionally, we can begin to look at detection and threat hunting on behavior instead of users or systems. In this presentation, Haylee will discuss the shift in mindset and the nuts and bolts of detections that leverage this metadata in Splunk, but the concept can be applied with custom tools to any valuable security dataset.

From ATT&CKcon 3.0 By Ivan Ninichuck and Andy Shepard, Siemplify The MITRE ATT&CK framework has improved many areas within the infosec workflow. But many of these select areas are those that are relatively isolated from the tactical operations faced every day by lower or mid-tier analysts. When faced with alert fatigue and an ever-growing number of data sources, the impact of ATT&CK can become esoteric to non-existent. In this presentation experts from Siemplify propose the problem be looked at like an orchestra with its dozens of instrument types. Without a conductor to guide each section there would only be noise, but with the conductor leading, beautiful symphonies can now be played. The Siemplify team plan to show how a SOAR platform can be that conductor using the ATT&CK framework as its sheet music, and turn the constant noise into a threat intel driven security program.

MITRE ATT&CK framework

Bhushan Gurav

ATT&CK Updates- Defensive ATT&CK

MITRE ATT&CK

Effective Threat Hunting with Tactical Threat Intelligence

Dhruv Majumdar

Ransomware Resistance

Florian Roth

MITRE ATT&CKcon 2.0: Ready to ATT&CK? Bring Your Own Data (BYOD) and Validate...

MITRE - ATT&CKcon

Cyber Threat Intelligence

Prachi Mishra

Threat Hunting with Splunk Hands-on

Splunk

Threat Modelling - It's not just for developers

MITRE ATT&CK

From ATT&CKcon 3.0 By Tim Wadhwa-Brown, Cisco The purpose of this session will be to look at how you can take public information about threat actors, vulnerabilities, and incidents and use them to build better defenses, utilizing ATT&CK along the way to align your security organization to the people and assets that matter. Stories are critical to how humans learn, so this session will leverage a story book approach to give the audience some ideas on approaches they could use. Tim will take the audience through 3 real world examples where he has leveraged ATT&CK to drive operational improvement. The premise of each story will be real, although some of the details will be apocryphal to protect the innocent. One story will focus on defending a network, one will look at adversary detection, while the final one will look at responding to an active attack and in each case, Tim will guide the audience to think about the kinds of data sources that ATT&CK tracks, that they might call upon to achieve a successful outcome.

MITRE ATT&CKcon 2.0: Prioritizing ATT&CK Informed Defenses the CIS Way; Phili...

MITRE - ATT&CKcon

Mapping ATT&CK Techniques to ENGAGE Activities

MITRE ATT&CK

From ATT&CKcon 3.0 By David Barroso, CounterCraft When an adversary engages in a specific behavior, they are vulnerable to expose an unintended weakness. By looking at each ATT&CK technique, we can examine the weaknesses revealed and identify an engagement activity or activities to exploit this weakness. During the presentation we will see some real examples of how we can use different ATT&CK techniques in order to plan different adversary engagement activities.

Threat Intelligence Workshop

Priyanka Aash

MITRE ATT&CKcon 2018: Hunters ATT&CKing with the Data, Roberto Rodriguez, Spe...

MITRE - ATT&CKcon

With the development of the MITRE ATT&CK framework and its categorization of adversary activity during the attack cycle, understanding what to hunt for has become easier and more efficient than ever. However, organizations are still struggling to understand how they can prioritize the development of hunt hypothesis, assess their current security posture, and develop the right analytics with the help of ATT&CK. Even though there are several ways to utilize ATT&CK to accomplish those goals, there are only a few that are focusing primarily on the data that is currently being collected to drive the success of a hunt program. This presentation shows how organizations can benefit from mapping their current visibility from a data perspective to the ATT&CK framework. It focuses on how to identify, document, standardize and model current available data to enhance a hunt program. It presents an updated ThreatHunter-Playbook, a Kibana ATT&CK dashboard, a new project named Open Source Security Events Metadata known as OSSEM and expands on the “data sources” section already provided by ATT&CK on most of the documented adversarial techniques.

Building a Cyber Threat Intelligence Knowledge Management System (Paris Augus...

Vaticle

⚛️ Building a cyber threat intelligence knowledge management system using Grakn Knowledge of cyber threats is a key focus in many areas of cybersecurity. Adapting intrusion detection systems, building relevant red team scenarios, guiding incident response activities, providing a more effective risk assessment through better knowledge of threat agents: all of these require a deep understanding of the issues related to the relevant cyber threats and its associated human and technical elements. During this talk, we will describe how we are using the hyper-relational data model, the logical inferences and the core features of Grakn to build an application (openCTI) allowing organizations to manage their cyber threat intelligence knowledge and technical observables. We will go through the data model, the implementation of nested relations and give you an overview on how you can create powerful applications using Grakn. Don't forget to check out the openCTI project here --> www.opencti.io

ATT&CK Updates- ATT&CK for mac/Linux

MITRE ATT&CK

Knowledge for the masses: Storytelling with ATT&CK

MITRE ATT&CK

From ATT&CKcon 3.0 By Ismael Valenzuela and Jose Luis Sanchez Martinez, Trellix The Trellix team believes that creating and sharing compelling stories about cyber threats -with ATT&CK- is a powerful way for raising awareness and enabling actionability against cyber threats. In this talk the team will share their experiences leveraging ATT&CK to disseminate Threat knowledge to different audiences (Software Development teams, Managers, Threat detection engineers, Threat hunters, Cyber Threat Analysts, Support Engineers, upper management, etc.). They will show concrete examples and representations created with ATT&CK to describe the threats at different levels, including: 1) an Attack Path graph that shows the overall flow of the attack; 2) Tactic-specific TTP summary tables and graphs; 3) very detailed, step-by-step description of the attacker's behaviors.

Threat hunting - Every day is hunting season

Ben Boyd

How to build a cyber threat intelligence program

Mark Arena

ATT&CK Updates- ATT&CK's Open Source

MITRE ATT&CK

Cyber Threat Hunting Workshop

Digit Oktavianto

Spin Your CTI Process Round - FIRST CTI Conference 2023

Andreas Sfakianakis

Title: Spin Your CTI Process Round Short Bio:Andreas Sfakianakis is a Cyber Threat Intelligence professional with over fifteen years of experience in cyber security. He focuses on applying threat intelligence and helping organizations manage threats mostly within the Energy, Technology, and Financial sectors as well as in European Union’s Agencies and Institutions. Andreas has been contributing to the CTI community since 2012 via public reports and presentations, his blog, newsletter, and instructing. His utmost goals are the maturing of threat management programs within organizations as well as the embedding CTI in policy making. Andreas Twitter handle is @asfakian and his website is threatintel.eu. Abstract: Is your CTI team struggling to operationalize the CTI process? Don't worry, your team is not the only one! During the "CTI journey", CTI teams try out approaches and tools, hoping to give value to their organization. This is usually a trial and error process, and when not successful, it costs money and time for organizations and also demotivates CTI analysts. This presentation will discuss some of the basic "baby" steps that CTI teams often neglect. We will be focusing on case management and intelligence workflows. Moreover, we will elaborate on how you can take advantage of the knowledge produced by the CTI team and provide meaningful metrics to the CTI team and the management. Finally, we elaborate on the essential ingredients for CTI teams in the early phases of their "CTI journey". The key takeaway for the audience is the realization of some basic steps that a CTI team has to take to coordinate its workload better, build workflows, and better manage the CTI knowledge it produces. The audience will also be presented with real-world examples and implementations within corporate environments of such approaches. Ideally, we will give you some hints to spin your CTI process round!

Modern cybersecurity threats, and shiny new tools to help deal with them

Tudor Damian

With cybersecurity threats changing rapidly, we definitely need a new set of tools to be able to prevent and address them more efficiently: malware is becoming more complex and harder to detect, malicious insider attacks are on the rise and zero-day exploits make their way to the public much quicker than before. Join this session to see how Windows Server 2016 and Windows 10 can help organizations deal with this ever-changing security ecosystem by providing them with ways to better secure their environment and data. We’ll touch on topics such as malware & threat resistance, identity & access control, virtualization-based security, configurable code integrity, remote attestation and a few others.

What's hot

The ATT&CK Philharmonic

MITRE ATT&CK

MITRE ATT&CK framework

Bhushan Gurav

ATT&CK Updates- Defensive ATT&CK

MITRE ATT&CK

Effective Threat Hunting with Tactical Threat Intelligence

Dhruv Majumdar

Ransomware Resistance

Florian Roth

MITRE ATT&CKcon 2.0: Ready to ATT&CK? Bring Your Own Data (BYOD) and Validate...

MITRE - ATT&CKcon

Cyber Threat Intelligence

Prachi Mishra

Threat Hunting with Splunk Hands-on

Splunk

Threat Modelling - It's not just for developers

MITRE ATT&CK

MITRE ATT&CKcon 2.0: Prioritizing ATT&CK Informed Defenses the CIS Way; Phili...

MITRE - ATT&CKcon

Mapping ATT&CK Techniques to ENGAGE Activities

MITRE ATT&CK

Threat Intelligence Workshop

Priyanka Aash

MITRE ATT&CKcon 2018: Hunters ATT&CKing with the Data, Roberto Rodriguez, Spe...

MITRE - ATT&CKcon

Building a Cyber Threat Intelligence Knowledge Management System (Paris Augus...

Vaticle

ATT&CK Updates- ATT&CK for mac/Linux

MITRE ATT&CK

Knowledge for the masses: Storytelling with ATT&CK

MITRE ATT&CK

Threat hunting - Every day is hunting season

Ben Boyd

How to build a cyber threat intelligence program

Mark Arena

ATT&CK Updates- ATT&CK's Open Source

MITRE ATT&CK

Cyber Threat Hunting Workshop

Digit Oktavianto

What's hot (20)

The ATT&CK Philharmonic

MITRE ATT&CK framework

ATT&CK Updates- Defensive ATT&CK

Effective Threat Hunting with Tactical Threat Intelligence

Ransomware Resistance

MITRE ATT&CKcon 2.0: Ready to ATT&CK? Bring Your Own Data (BYOD) and Validate...

Cyber Threat Intelligence

Threat Hunting with Splunk Hands-on

Threat Modelling - It's not just for developers

MITRE ATT&CKcon 2.0: Prioritizing ATT&CK Informed Defenses the CIS Way; Phili...

Mapping ATT&CK Techniques to ENGAGE Activities

Threat Intelligence Workshop

MITRE ATT&CKcon 2018: Hunters ATT&CKing with the Data, Roberto Rodriguez, Spe...

Building a Cyber Threat Intelligence Knowledge Management System (Paris Augus...

ATT&CK Updates- ATT&CK for mac/Linux

Knowledge for the masses: Storytelling with ATT&CK

Threat hunting - Every day is hunting season

How to build a cyber threat intelligence program

ATT&CK Updates- ATT&CK's Open Source

Cyber Threat Hunting Workshop

Similar to Setting Your CTI Process In Motion - ENISA CTI-EU 2022

Spin Your CTI Process Round - FIRST CTI Conference 2023

Andreas Sfakianakis

Modern cybersecurity threats, and shiny new tools to help deal with them

Tudor Damian

Modern cybersecurity threats, and shiny new tools to help deal with them - T...

ITCamp

AARC Assurance Profiles for Kantara Initiative

kantarainitiative

CYB205-1 Evolving Threat Landscapes_01.pdf

ssuser4db968

CYB205-1 Evolving Threat Landscapes_01.pptx

ssuser4db968

SplunkLive! Paris 2018: Use Splunk for Incident Response, Orchestration and A...

Splunk

Gabor Munk - CTI and Information Sharing

Black Cell Ltd.

Still thinking your Ex(cel)? Here are some TIPs - SANS CTI Summit 2021

Andreas Sfakianakis

During the past years, cyber threat intelligence (CTI) discipline has been adopted by organisations worldwide. While CTI’s best practices are still developing, finding the right technology to support your CTI analysts’ workflows and daily activities is hard. And advertising from vendors makes it even harder. This session will cut through the propaganda: providing a vendor-agnostic look at the process of selecting the right tools by providing a primer on the CTI cycle. Second, hear an overview of the current threat intelligence platform (TIP) landscape and explore the limitations that have been spotted by researchers and practitioners. Finally, learn tangible recommendations related to TIPs for different user groups.

Have the Bad Guys Won the Cyber security War...

Andrew Hammond

Quant & Crypto GoldAndrew Hammond

ICIC 2017: Technology Scouting: Decision Support in Strategic Analyses for Te...

Dr. Haxel Consult

Stefan Geißler (Expert System Deutschland, Germany) Tim Schloen (Fraunhofer IAO Stuttgart, Germany) Trying to keep up to date with developments, trends and opportunities even in narrow domains involves digesting and considering large amounts of textual information and often is beyond the reading capabilities of human experts. Large organisations may be able to cope with this challenge with dedicated analysis teams, but SMEs are overcharge with this information load. Under the label „Technology Scouting“ we present an approach to employ modern semantic technologies and artificial intelligence to (semi) automate the collection, analysis and reporting of large document collections in a way that allows to derive important insights for technology-driven companies: Which technologies and markets are emerging or moving, how do my clients, partners and competitors operate? After an introduction to the technological and methodological basis, we present experiences from past industry engagements where this aproach has be applied in production.

Yi-Lang Tsai - Cyber Security, Threat Hunting and Defence Challenge in Taiwan...

REVULN

TWCSIRT is a full member of FIRST and mainly focuses on the protection of NARLabs, TANet and TWAREN. We are defense cyber-attack from internet and according to government policy to handling incident every day. I am a research fellow with National Center for High-performance Computing and lead cyber security team to operation security operation center to handling incident in Taiwan Academic Network. In our research project from government, we are deployed the biggest honeynet in Taiwan and used over 6000 IP address to detection malicious network attack come from internet. We have published our malware knowledge base to sharing malware samples and reports for many researchers, students, research center and sharing our data set for deep tracking about cyber security. There are many new types of cyber-attack that’s is include ransomware, website mining, DDoS and hybrid malicious attack. Main Points: - What’s TWCSIRT Mission and Scope - How to coordinate in National level with ISAC, CERT and SOC - Cyber-attack and threat hunting in Taiwan Academic Network - How to develop cyber security platform for incident handling - How to do red team and blue team training by CDX

Security Incident Handling for Schools

eLearning Consortium 電子學習聯盟

Cybersecurity: Malware & Protecting Your Business From Cyberthreats

SecureDocs

http://www.securedocs.com -The recent increase in high-profile cyberattacks has made online security a hot topic, and rightfully so. Companies from The New York Times to Facebook have fallen victim to attacks by cybercriminals, highlighting just how vulnerable any business is. In the past few years, malware has evolved dramatically and is a serious threat to all organizations, both big and small. This presentation covers what advanced malware is and the impact it can have on an organization. Learn how to protect your business from this type of threat.

How Internet Peering Improves Security

William Norton

An Introduction to Digital Preservation

DigitalPreservationEurope

Incident handling of cyber espionage

Marie Elisabeth Gaup Moe

Incident handling of intrusions related to cyber espionage operations is a complex and challenging task. As a national CERT with a unique national early warning detection system, NSM NorCERT has detected and responded to incidents that vary from traditional incident response and abuse handling to counter-intelligence operations. Based on some real-world examples, this talk will be about incident handling of cyber espionage intrusions. What are the most common pitfalls and how can companies be better prepared?

Infosec Workshop - PacINET 2007

Chris Hammond-Thrasher

Honeypots for proactively detecting security incidents

APNIC

Similar to Setting Your CTI Process In Motion - ENISA CTI-EU 2022 (20)

Spin Your CTI Process Round - FIRST CTI Conference 2023

Modern cybersecurity threats, and shiny new tools to help deal with them

Modern cybersecurity threats, and shiny new tools to help deal with them - T...

AARC Assurance Profiles for Kantara Initiative

CYB205-1 Evolving Threat Landscapes_01.pdf

CYB205-1 Evolving Threat Landscapes_01.pptx

SplunkLive! Paris 2018: Use Splunk for Incident Response, Orchestration and A...

Gabor Munk - CTI and Information Sharing

Still thinking your Ex(cel)? Here are some TIPs - SANS CTI Summit 2021

Have the Bad Guys Won the Cyber security War...

Quant & Crypto Gold

ICIC 2017: Technology Scouting: Decision Support in Strategic Analyses for Te...

Yi-Lang Tsai - Cyber Security, Threat Hunting and Defence Challenge in Taiwan...

Security Incident Handling for Schools

Cybersecurity: Malware & Protecting Your Business From Cyberthreats

How Internet Peering Improves Security

An Introduction to Digital Preservation

Incident handling of cyber espionage

Infosec Workshop - PacINET 2007

Honeypots for proactively detecting security incidents

Recently uploaded

GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...

James Anderson

Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management. The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM). Speakers: Bob Boule Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle. Gopinath Rebala Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.

Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...

Product School

Connector Corner: Automate dynamic content and events by pushing a button

DianaGray10

Here is something new! In our next Connector Corner webinar, we will demonstrate how you can use a single workflow to: Create a campaign using Mailchimp with merge tags/fields Send an interactive Slack channel message (using buttons) Have the message received by managers and peers along with a test email for review But there’s more: In a second workflow supporting the same use case, you’ll see: Your campaign sent to target colleagues for approval If the “Approve” button is clicked, a Jira/Zendesk ticket is created for the marketing design team But—if the “Reject” button is pushed, colleagues will be alerted via Slack message Join us to learn more about this new, human-in-the-loop capability, brought to you by Integration Service connectors. And... Speakers: Akshay Agnihotri, Product Manager Charlie Greenberg, Host

Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...

Ramesh Iyer

In today's fast-changing business world, Companies that adapt and embrace new ideas often need help to keep up with the competition. However, fostering a culture of innovation takes much work. It takes vision, leadership and willingness to take risks in the right proportion. Sachin Dev Duggal, co-founder of Builder.ai, has perfected the art of this balance, creating a company culture where creativity and growth are nurtured at each stage.

FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf

FIDO Alliance

Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...

UiPathCommunity

💥 Speed, accuracy, and scaling – discover the superpowers of GenAI in action with UiPath Document Understanding and Communications Mining™: See how to accelerate model training and optimize model performance with active learning Learn about the latest enhancements to out-of-the-box document processing – with little to no training required Get an exclusive demo of the new family of UiPath LLMs – GenAI models specialized for processing different types of documents and messages This is a hands-on session specifically designed for automation developers and AI enthusiasts seeking to enhance their knowledge in leveraging the latest intelligent document processing capabilities offered by UiPath. Speakers: 👨‍🏫 Andras Palfi, Senior Product Manager, UiPath 👩‍🏫 Lenka Dulovicova, Product Program Manager, UiPath

Knowledge engineering: from people to machines and back

Elena Simperl

Accelerate your Kubernetes clusters with Varnish Caching

Thijs Feryn

Generating a custom Ruby SDK for your web service or Rails API using Smithy

g2nightmarescribd

Have you ever wanted a Ruby client API to communicate with your web service? Smithy is a protocol-agnostic language for defining services and SDKs. Smithy Ruby is an implementation of Smithy that generates a Ruby SDK using a Smithy model. In this talk, we will explore Smithy and Smithy Ruby to learn how to generate custom feature-rich SDKs that can communicate with any web service, such as a Rails JSON API.

From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...

Product School

Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality

Inflectra

In this insightful webinar, Inflectra explores how artificial intelligence (AI) is transforming software development and testing. Discover how AI-powered tools are revolutionizing every stage of the software development lifecycle (SDLC), from design and prototyping to testing, deployment, and monitoring. Learn about: • The Future of Testing: How AI is shifting testing towards verification, analysis, and higher-level skills, while reducing repetitive tasks. • Test Automation: How AI-powered test case generation, optimization, and self-healing tests are making testing more efficient and effective. • Visual Testing: Explore the emerging capabilities of AI in visual testing and how it's set to revolutionize UI verification. • Inflectra's AI Solutions: See demonstrations of Inflectra's cutting-edge AI tools like the ChatGPT plugin and Azure Open AI platform, designed to streamline your testing process. Whether you're a developer, tester, or QA professional, this webinar will give you valuable insights into how AI is shaping the future of software delivery.

Transcript: Selling digital books in 2024: Insights from industry leaders - T...

BookNet Canada

The publishing industry has been selling digital audiobooks and ebooks for over a decade and has found its groove. What’s changed? What has stayed the same? Where do we go from here? Join a group of leading sales peers from across the industry for a conversation about the lessons learned since the popularization of digital books, best practices, digital book supply chain management, and more. Link to video recording: https://bnctechforum.ca/sessions/selling-digital-books-in-2024-insights-from-industry-leaders/ Presented by BookNet Canada on May 28, 2024, with support from the Department of Canadian Heritage.

To Graph or Not to Graph Knowledge Graph Architectures and LLMs

Paul Groth

Securing your Kubernetes cluster_ a step-by-step guide to success !

KatiaHIMEUR1

Today, after several years of existence, an extremely active community and an ultra-dynamic ecosystem, Kubernetes has established itself as the de facto standard in container orchestration. Thanks to a wide range of managed services, it has never been so easy to set up a ready-to-use Kubernetes cluster. However, this ease of use means that the subject of security in Kubernetes is often left for later, or even neglected. This exposes companies to significant risks. In this talk, I'll show you step-by-step how to secure your Kubernetes cluster for greater peace of mind and reliability.

Mission to Decommission: Importance of Decommissioning Products to Increase E...

Product School

Bits & Pixels using AI for Good.........

Alison B. Lowndes

How world-class product teams are winning in the AI era by CEO and Founder, P...

Product School

Neuro-symbolic is not enough, we need neuro-*semantic*

Frank van Harmelen

Neuro-symbolic (NeSy) AI is on the rise. However, simply machine learning on just any symbolic structure is not sufficient to really harvest the gains of NeSy. These will only be gained when the symbolic structures have an actual semantics. I give an operational definition of semantics as “predictable inference”. All of this illustrated with link prediction over knowledge graphs, but the argument is general.

Encryption in Microsoft 365 - ExpertsLive Netherlands 2024

Albert Hoitingh

FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf

FIDO Alliance

Recently uploaded (20)

GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...

Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...

Connector Corner: Automate dynamic content and events by pushing a button

Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...

FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf

Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...

Knowledge engineering: from people to machines and back

Accelerate your Kubernetes clusters with Varnish Caching

Generating a custom Ruby SDK for your web service or Rails API using Smithy

From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...

Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality

Transcript: Selling digital books in 2024: Insights from industry leaders - T...

To Graph or Not to Graph Knowledge Graph Architectures and LLMs

Securing your Kubernetes cluster_ a step-by-step guide to success !

Mission to Decommission: Importance of Decommissioning Products to Increase E...

Bits & Pixels using AI for Good.........

How world-class product teams are winning in the AI era by CEO and Founder, P...

Neuro-symbolic is not enough, we need neuro-*semantic*

Encryption in Microsoft 365 - ExpertsLive Netherlands 2024

FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf

Setting Your CTI Process In Motion - ENISA CTI-EU 2022

1. ENISA CTI-EU Conference 2022 Andreas Sfakianakis CTI Professional

2. § CTI in Financial, Energy, and Technology sectors § ENISA, FIRST.org, SANS, European Commission § Twitter: @asfakian Mastodon: @asfakian@infosec.exchange § Websites: www.threatintel.eu www.sandgroup.eu tilting at windmills

4. Setting the scene Workflow & Case Management Basic Ingredients

5. Problem Statement(s)

6. Image from gatewaytotheclassics.com

10. Image from bestofspain.es

11. Workflow, Coordination & Collaboration Knowledge Management Metrics

12.

13. § Tagging § Custom Fields § Easy searching and filtering § Rate your sources § Control access

14. Management • Time spent per PIR • CTI assessments per threat type/threat actor • CTI assessments(or time spent) supporting IR • Quantitative feedback received per PIR • Time spent on RFIs per stakeholder Team • Sources mostly used • CTI deliverables per PIR • CTI deliverables per stakeholder • Average time spent per CTI deliverable • CTI analysts’ workload • Time spent on CTI projects

15. Image from heritage-history.com

16.

17. Some TIPs Recommendation is to live off the land (at least at the start of your journey)

18. Remember § Data into buckets § Consistency is key § Spend time to save time

19. Request For Information (RFI) Feedback Mechanism

20. Image from elladocomicodedonquijote.wordpress.com

21. §A common shortcoming of CTI teams §The importance of workflow and case management §The basic ingredients

22. Planning Collection Processing Analysis Dissemination Feedback CTI Process

23. Andreas Sfakianakis @asfakian threatintel.eu / sandgroup.eu Sharing is caring