Development of Cyber Threat Intelligence Tool

EasyChair Preprint 5674

Abstract

The gradual development of technology and the transfer of all kinds of information to the internet caused new problems. The most important problem is the safe storage and preservation of this data. In the study, cyber security products were mentioned and what they did was specified. In order to understand the extent of cyber attacks, large attacks on large companies that have been attacked are mentioned. Cyber security products alone are not enough and analysts working in the cyber security operations center need cyber threat intelligence. There are paid or open source solutions that can be used for cyber threat intelligence. But the outputs of intelligence sources do not match. By talking about global and domestic solution intelligence sources, a tool will be developed to query ip, hash and domain information with the method of data scraping from the sources that share them free of charge. In this way, it will be ensured that the outputs of more than one cyber threat intelligence tool can be seen from one place. If the number of queries made is high, a feature has been added so that it can read from an excel file and query the values one by one and save them in a different excel file. As a feature that is not available in the existing cyber threat intelligence tools, when a hash query is made, if the file name is found from the tools used, if this file has an exe or dll extension, it shares the program link when it finds information about what it does by scraping on different sites.

Keyphrases: Cyber Security, Cyber Threat Intelligence with Open Source, cyber threat intelligence

@booklet{EasyChair:5674,
  author    = {Ahmet Yaşar Bozkus},
  title     = {Development of Cyber Threat Intelligence Tool},
  howpublished = {EasyChair Preprint 5674},
  year      = {EasyChair, 2021}}