Introduction
Threat intelligence sharing has become an essential part of the cybersecurity community, enabling organizations to stay ahead of potential cyber threats.
Sharing information about the latest cyber threats and attacks can help organizations and individuals to better understand the tactics and techniques used by attackers, and to develop more effective cybersecurity strategies.
The cybersecurity community is a place where you can see truly great minds working together and sharing information to better understand events, attacks, the minds of cyber criminals, you name it.
We make mistakes along the way. A lot. But eventually we find some answers together.
Why Should We Share Information?
The cybersecurity realm is a tough one. There are still a lot of things that are unknown and will remain unknown for years to come, such as: who are the people behind the greatest hacking groups in the world? What new campaigns are out there? What new arrests have been made?
This is just the tip of the iceberg, and one cannot follow all of these events simultaneously 24/7. Well, maybe some can.
This is where information sharing gives us great benefits. The cybersec community often shares everything until the picture gets clearer and clearer, even if it takes years. Everyone offers their point of view, thoughts, theories and facts about certain events, which helps us understand things better.
Once we are well educated, we can identify threats better, we can protect ourselves better, the incident responders among us know better what to expect and how to respond quicker, and overall we improve our awareness.
Information Sharing Platforms
There are several information sharing platforms that we can use; some are technical, some are obvious:
Social Media
Social media platforms such as Twitter and LinkedIn can be used to share threat intelligence and to engage with other members of the cybersecurity community.
Another, more “sketchy” social platform is Telegram, although you can run into threat actors and scammers in your search for truth, so be careful. The same goes for dark web forums and the like: same people, different platforms.
Cyber Threat Intelligence Platforms (CTIPs)
CTIPs are specialized platforms that enable organizations to collect, analyze, and share threat intelligence. These platforms typically include features such as threat detection, incident response, and threat hunting.
Some great free, community-based CTIPs are:
- MISP (Malware Information Sharing Platform): MISP is an open-source CTIP that enables sharing and collaborating on threat intelligence. The platform includes features such as event correlation, automated threat indicator sharing, and a flexible data model.
- OpenCTI: OpenCTI is an open-source CTIP that provides a centralized platform for collecting and analyzing threat intelligence. The platform includes features such as automated data ingestion, customizable data models, and a web-based user interface.
- TheHive: TheHive is an open-source security incident response platform that includes CTIP capabilities. The platform enables collecting and analyzing threat intelligence, and collaborating on incident response activities.
- IntelMQ: IntelMQ is an open-source CTIP that provides a scalable framework for collecting and processing threat intelligence. The platform includes support for a wide range of data sources, and enables users to customize the processing of intelligence data.
- MANTIS: MANTIS is an open-source platform for collecting and sharing threat intelligence. The platform includes features such as a customizable dashboard, automated data ingestion, and support for a variety of intelligence formats.
I have already created a blog post introducing OpenCTI, and I will create posts for the rest of them as well.
Conclusions
Sharing threat intelligence is essential for organizations and individuals to stay ahead of potential cyber threats.
By sharing information about the latest cyber threats and attacks, we can identify potential risks, mitigate risks, and improve cybersecurity awareness.
In my opinion, the great power of the cybersec community comes with the information sharing and curiosity most of us have.