Empowering Cyber Operators with Enhanced CTI Pipelines
• Presentation
Jeffrey Mates of the DoD Cyber Crime Center (DC3) presented this session at FloCon 2024.
Publisher
Software Engineering Institute
Abstract
Structured information is now more valuable than ever, and the STIX format and the TAXII 2.1 exchange protocol can already be used to enhance defender capabilities: helping prevent attacks, detecting them quickly, and supporting hunts.
There is also an ongoing effort to move STIX and TAXII beyond sharing actor-focused intelligence to sharing incident reports about what has actually happened. This will let you better connect the tools and teams that perform hunts with both voluntary and mandatory sharing requirements. Finally, we will discuss how this pipeline can produce long-term value for analysts.
Attendees Will Learn
- About the free tools and resources that exist today and that they can use to better integrate CTI feeds into defensive and threat hunt activities.
- About ongoing work to establish formal STIX / TAXII incident reporting pipelines and what this may look like as it matures.
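As an added illustration of the first point (this is not code from the talk or from DC3), the block below takes a STIX 2.1 bundle as it would arrive from a TAXII 2.1 collection, pulls the observable values out of Indicator objects with simple patterns, and runs them as a whole-token hunt over a few proxy log lines. The bundle, indicator ids and log lines are all constructed for the example, and only single-comparison STIX patterns are handled.

```python
import json
import re

# Constructed STIX 2.1 bundle with two Indicator SDOs (not taken from the talk).
STIX_BUNDLE = json.dumps({
    "type": "bundle", "id": "bundle--11111111-1111-4111-8111-111111111111",
    "objects": [
        {"type": "indicator", "spec_version": "2.1", "pattern_type": "stix",
         "id": "indicator--22222222-2222-4222-8222-222222222222", "valid_from": "2024-01-09T00:00:00Z",
         "created": "2024-01-09T00:00:00.000Z", "modified": "2024-01-09T00:00:00.000Z",
         "pattern": "[ipv4-addr:value = '203.0.113.5']"},
        {"type": "indicator", "spec_version": "2.1", "pattern_type": "stix",
         "id": "indicator--33333333-3333-4333-8333-333333333333", "valid_from": "2024-01-09T00:00:00Z",
         "created": "2024-01-09T00:00:00.000Z", "modified": "2024-01-09T00:00:00.000Z",
         "pattern": "[domain-name:value = 'staging.example.net']"},
    ],
})

# Constructed proxy log lines; line 1 is a near miss (203.0.113.50), line 2 hits both indicators.
LOG_LINES = [
    "2024-01-10T12:00:02Z allow src=10.0.0.8 dst=203.0.113.50 host=cdn.example.com",
    "2024-01-10T12:00:03Z allow src=10.0.0.9 dst=203.0.113.5 host=staging.example.net",
]

# Only the simplest STIX pattern form is handled: one equality comparison on one object path.
SIMPLE_PATTERN = re.compile(r"^\[\s*([\w-]+):([\w.'-]+)\s*=\s*'([^']*)'\s*\]$")


def extract_iocs(bundle_json):
    """Map (observable type, value) -> indicator id for simple-pattern Indicators in a bundle."""
    iocs = {}
    for obj in json.loads(bundle_json)["objects"]:
        if obj.get("type") != "indicator" or obj.get("pattern_type", "stix") != "stix":
            continue  # other SDOs (malware, threat-actor, ...) carry no match pattern
        match = SIMPLE_PATTERN.match(obj["pattern"])
        if match is None:
            continue  # compound or temporal patterns need a real STIX pattern engine
        iocs[(match.group(1), match.group(3))] = obj["id"]
    return iocs


def hunt(bundle_json, log_lines):
    """Return (line number, IOC value, indicator id) for each whole-token IOC hit in the logs."""
    iocs = extract_iocs(bundle_json)
    hits = []
    for number, line in enumerate(log_lines, 1):
        for (_, value), indicator_id in iocs.items():
            # Whole-token match, so 203.0.113.5 does not fire on 203.0.113.50.
            if re.search(r"(?<![\w.-])" + re.escape(value) + r"(?![\w.-])", line):
                hits.append((number, value, indicator_id))
    return hits
```

Keeping the indicator id on every hit is what lets a hunt result be reported back through the same pipeline, which is the direction the incident-reporting work described above is heading.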