
Re: Using a Threat Intelligence Feed with LEM?

The new STIX and TAXII open standards, along with Soltra Edge (Collect/Create Threat Repositories), also provide a means to share threat intelligence across member organizations anonymously. This would not limit Solarwinds to one threat source.

 

Soltra Edge is free to deploy, and there are plenty of paid and free open sources to pull intelligence from.

 

Some integration ideas with Solarwinds Products:

LEM - Threat Intel Sharing and receiving, actions/alerts based on rules (more data to correlate off of, and use actions to automate)

NCM - Automate updating firewall, routers, email gateway blacklists based on rules setup in LEM (more integration between Solarwinds products)

Threat Response Manager - Possibly a new Solarwinds module that would integrate with LEM/NCM or be standalone

 

Feature Request: Threat Intelligence Feed

Feature Poll: Would you be interested in importing Open/Closed Source Cyber Threat Intelligence into Solarwinds' Products?


References:

https://www.soltra.com/

https://forums.soltra.com/

STIX - Structured Threat Information Expression

TAXII - Trusted Automated Exchange of Indicator Information

hail a taxii

https://www.fsisac.com/article/fs-isac-and-dtcc-announce-soltra-strategic-partnership

