{"id":3998,"date":"2016-06-28T15:45:35","date_gmt":"2016-06-28T07:45:35","guid":{"rendered":"https:\/\/www.darknet.org.uk\/?p=3998"},"modified":"2016-06-28T15:45:46","modified_gmt":"2016-06-28T07:45:46","slug":"openioc-sharing-threat-intelligence","status":"publish","type":"post","link":"https:\/\/www.darknet.org.uk\/2016\/06\/openioc-sharing-threat-intelligence\/","title":{"rendered":"OpenIOC &#8211; Sharing Threat Intelligence"},"content":{"rendered":"<p>OpenIOC is an open framework for sharing threat intelligence, sophisticated threats require sophisticated indicators. In the current threat environment, rapid communication of pertinent threat information is the key to quickly detecting, responding and containing targeted attacks.<\/p>\n<p>OpenIOC is designed to fill a void that currently exists for organizations that want to share threat information both internally and externally in a machine-digestible format. OpenIOC is an extensible XML schema that enables you to describe the technical characteristics that identify a known threat, an attacker\u2019s methodology, or other evidence of compromise.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.darknet.org.uk\/wp-content\/uploads\/2016\/06\/openioc-640x427.jpg\" alt=\"OpenIOC - Sharing Threat Intelligence\" width=\"640\" height=\"427\" class=\"aligncenter size-medium wp-image-4195\" srcset=\"https:\/\/www.darknet.org.uk\/wp-content\/uploads\/2016\/06\/openioc-640x427.jpg 640w, https:\/\/www.darknet.org.uk\/wp-content\/uploads\/2016\/06\/openioc-1024x683.jpg 1024w, https:\/\/www.darknet.org.uk\/wp-content\/uploads\/2016\/06\/openioc-600x400.jpg 600w, https:\/\/www.darknet.org.uk\/wp-content\/uploads\/2016\/06\/openioc.jpg 1200w\" sizes=\"(max-width: 640px) 100vw, 640px\" \/><\/p>\n<h3>Why OpenIOC<\/h3>\n<ul>\n<li><strong>Sophisticated Indicators<\/strong> &#8211; Traditional methods of identifying security breaches no longer work. Simple signatures are too easy for an intruder to circumvent. Organizations need to be able to communicate how to find attackers on their networks and hosts using a machine digestible format that removes human delay from intelligence sharing.<\/li>\n<li><strong>Advanced Threat Detection<\/strong> &#8211; By using the OpenIOC framework, you will have the most advanced threat detection capability available. By joining the OpenIOC community, your organization can benefit from the network effect of threat intelligence from organizations within your industry, as well as global Fortune 1000 companies.<\/li>\n<li><strong>Extendable &#038; Customizable<\/strong> &#8211; By allowing for extensions and customization, OpenIOC offers your organization the option of using MANDIANT\u2019s field tested Indicators of Compromise, as well as creating your own custom sets of indicators, and any combination thereof that you need to complete your mission.<\/li>\n<\/ul>\n<h3>The Framework Schema<\/h3>\n<ul>\n<li><strong>It&#8217;s Really Simple<\/strong> &#8211; The base OpenIOC schema is a simple framework that is written in XML to document and categorize forensic artifacts of an intrusion that can be identified on a host or network. You can easily extend the base schema to include additional indicators from a variety of sources.<\/li>\n<li><strong>Mandiant Indicators<\/strong> &#8211; OpenIOC ships with a base set of indicators provided by MANDIANT. These indicators describe over 500 facets of environments that can be used to track down advanced attackers, which have been vetted through years of MANDIANT\u2019s experience responding to some of the world\u2019s largest and most sophisticated computer attacks.<\/li>\n<li><strong>Extendable<\/strong> &#8211; Every environment is different, and you may find custom needs that your environment, market sector, or industry has that are not included in the base set of IOC terms. You are free to create and add your own sets of indicators and extend OpenIOC as you see fit.<\/li>\n<\/ul>\n<p>You can download the IOC Editor here:<\/p>\n<p><a href=\"https:\/\/www.fireeye.com\/content\/dam\/fireeye-www\/services\/freeware\/sdl-ioc-editor.zip\">sdl-ioc-editor.zip<\/a><\/p>\n<p>Or read more <a href=\"http:\/\/www.openioc.org\/\">here<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>OpenIOC is an open framework for sharing threat intelligence, sophisticated threats require sophisticated indicators. In the current threat environment, rapid communication of pertinent threat information is the key to quickly detecting, responding and containing targeted attacks. OpenIOC is designed to fill a void that currently exists for organizations that want to share threat information both [&hellip;]<\/p>\n","protected":false},"author":25,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_seopress_robots_primary_cat":"","_seopress_titles_title":"","_seopress_titles_desc":"OpenIOC is an open framework for sharing threat intelligence, sophisticated threats require sophisticated indicators. This enables rapid communication etc.","_seopress_robots_index":"","_genesis_hide_title":false,"_genesis_hide_breadcrumbs":false,"_genesis_hide_singular_image":false,"_genesis_hide_footer_widgets":false,"_genesis_custom_body_class":"","_genesis_custom_post_class":"","_genesis_layout":"","footnotes":""},"categories":[12,11],"tags":[300],"featured_image_src":null,"featured_image_src_square":null,"author_info":{"display_name":"Darknet","author_link":"https:\/\/www.darknet.org.uk\/author\/darknet\/"},"_links":{"self":[{"href":"https:\/\/www.darknet.org.uk\/wp-json\/wp\/v2\/posts\/3998"}],"collection":[{"href":"https:\/\/www.darknet.org.uk\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.darknet.org.uk\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.darknet.org.uk\/wp-json\/wp\/v2\/users\/25"}],"replies":[{"embeddable":true,"href":"https:\/\/www.darknet.org.uk\/wp-json\/wp\/v2\/comments?post=3998"}],"version-history":[{"count":0,"href":"https:\/\/www.darknet.org.uk\/wp-json\/wp\/v2\/posts\/3998\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.darknet.org.uk\/wp-json\/wp\/v2\/media?parent=3998"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.darknet.org.uk\/wp-json\/wp\/v2\/categories?post=3998"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.darknet.org.uk\/wp-json\/wp\/v2\/tags?post=3998"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}