"CI CTI/en": difference between revisions

From Wiki Campus Cyber

Latest revision as of 17 April 2024 at 10:49

Structuring and implementing a cyber commons for data sharing in connection with Cyber Threat Intelligence

Category: Community of interest


Status: In progress

Logbook

January - February 2024
Decisions Governance and Operations

The WG discussed the different ways of segregating data in OpenCTI. This central question is linked to operational and governance issues: who should have access to which data, and how is the information verified? Proposals put forward by Filigran are currently being studied.

The first layer of the platform will be dedicated to TLP CLEAR and GREEN information, which will be widely accessible. The lower layers of information will be accessible to specific groups of users.

At present, members of the WG are testing the different import modes according to their own uses. The short-term objective is to have a platform that is regularly updated with current information.

Several organisations are already using the TIP internally, and the details will be presented at forthcoming Studio events.

The Campus is due to propose a model governance contract in the near future.

[Events]

On September 21, 2023, the CTI WG presented its deliverables at an event at the Campus Cyber.

The presented slides are available for download.


On 04.05.23, the WG made the following decisions:

Plan an OpenCTI presentation event, then, following this event:

  • Update the list of active contributors
  • Launch a "call for collaboration"
  • Create a "decision-making committee" for the future life of the platform (governance and maintenance), bringing together members, customers, public players and the Campus Cyber team.

Another topic discussed was the creation of a methodological framework for data entry and validation, in line with the doctrine that has been published.

On 11.04.23, the CTI WG worked on:

  • use of the future TIP by WG members (information supply and consumption)


It made the following decisions:

  • start building the technical stack, even if governance is not yet fully in place
  • start a V0 POC with TLP:clear only
  • hold a Governance stream meeting in the coming weeks.


On 07.03.23, the CTI WG worked on:

Choice of tech stack to define a Campus TIP


It made the following decisions:

  • Base the platform on OpenCTI in SaaS mode.
  • Keep the architecture simple, without stacking up multiple components.

Discussions on governance (and licenses), financing and potential hosting (if not SaaS mode) can now resume on this basis.


On 03/02/23, the CTI WG worked on:

Technology mapping (Sekoia, OpenCTI, MISP, Yeti, Anomali)

It decided to:

  • Compare the doctrine's indicators with the various technologies on offer
  • Consider the possibility of members covering part of the costs.

The topics of shared financing and governance have emerged and will be addressed in the Governance stream.

Events

Cyber Gourmand #1


Working groups

| Working group | Status | Description |
|---|---|---|
| GT CTI - Doctrine | Completed | Describe the principles, rules, guidelines and methods for creating and sharing intelligence of cyber interest |
| GT CTI - Threat Intelligence Platform | In progress | Structuring and implementing a cyber commons for data sharing in connection with Cyber Threat Intelligence. |