Borovskaya Olga E. (Financial University under the Government of the Russian
Federation, Moscow
)
Savelyev Ivan A. (Ph.D. (Technology), Associate Professor
Financial University under the Government of the Russian Federation, Moscow
)
| |
The purpose of the work is to identify the benefits of using TI data and to create an approach to embedding TIP into the SOC ecosystem.
The following research methods were used: consistent analysis of the mechanisms for using TI data, implying interaction with them at the time of receiving indicators of compromise in the system. The article categorizes and classifies TI data. The authors of the article analyzed the work experience of information security engineers specializing in the design and implementation of monitoring tools and response to information security incidents, which made it possible to apply practical skills in their work.
Research results: Categorization and classification of TI data was carried out. The practical significance of the study is confirmed by identifying the benefits of using TI data by integrating TIP with various solutions. The analysis showed that a successful strategy for choosing TI data is to diversify TI data from different manufacturers, since it is difficult to find one manufacturer that would completely cover the user's needs. Approaches to integrating TIP into the SOC ecosystem are described, as well as the main types of solutions in the context of reactive scenarios for using TI data.
Keywords:Threat Intelligence, Threat Intelligence Platform, TI data, indicators of compromise, SOC, analytics, alerting, enrichment, vulnerabilities, threats.
|
|
| |
|
Read the full article …
|
Citation link:
Borovskaya O. E., Savelyev I. A. INTEGRATING TIP INTO THE SOC ECOSYSTEM // Современная наука: актуальные проблемы теории и практики. Серия: Естественные и Технические Науки. -2024. -№06. -С. 40-44 DOI 10.37882/2223-2966.2024.06.07 |
|
|
LEGAL
INFORMATION:
