« CI CTI/en »: difference between revisions

From Wiki Campus Cyber

Revision as of 20 February 2024, 10:34

Structure and implement a cyber commons for sharing data related to Cyber Threat Intelligence

Category: Community of interest


Status: In progress

Logbook

January - February 2024 Decisions Governance and Operations

The WG discussed the different ways of segregating data in OpenCTI. This central question is linked to operational and governance issues: who should have access to which data, and how is the information verified? Proposals put forward by Filigran are currently being studied.

The first layer of the platform will be dedicated to TLP CLEAR and GREEN information, which will be widely accessible. The lower layers of information will be accessible to specific groups of users.

WG members are currently testing the different import modes according to their own use cases. The short-term objective is to have a platform that is regularly fed with current information.

Several organisations already use the TIP internally; the arrangements will be presented at upcoming Studio events.

The Campus Cyber is to propose a governance contract template soon.

[Events]

On September 21, 2023, the GT CTI presented its productions at an event at the Campus Cyber.

The presented slides are available for download.


On 04.05.23, the WG took the following decisions:

Plan an OpenCTI presentation event, then, following this event:

  • Update the list of active contributors
  • Launch a "call for collaboration"
  • Create a "decision-making committee" for the future life of the platform (governance and maintenance), bringing together members, customers, public players and the cyber campus team.

Another topic discussed was the creation of a methodological framework for data entry and validation, in line with the doctrine that has been published.

On 11.04.23, the CTI WG worked on:

  • use of the future TIP by WG members (information supply and consumption)


It made the following decisions:

  • start building the technical stack, even if governance is not yet fully in place
  • start a V0 POC with TLP:clear only
  • hold a Governance stream meeting in the coming weeks.


On 07.03.23, the CTI WG worked on:

Choice of tech stack to define a Campus TIP


It took the following decisions:

  • Base the platform on OpenCTI in SaaS mode.
  • Keep the architecture simple, no agglomeration of bricks.

The issues of governance (and licenses), financing and potential hosting (if not SaaS mode) can be taken up again with these elements.


On 03/02/23, the GT CTI worked on:

Technology mapping (Sekoia, OpenCTI, MISP, Yeti, Anomali)


  • Compare the doctrine's indicators with the various technologies on offer
  • Consider the possibility of members covering part of the costs.

The topics of shared financing and governance have emerged and will be addressed in the Governance stream.

Events

Cyber Gourmand #1


Working groups

| Working group | Status | Description |
|---|---|---|
| GT CTI - Doctrine | Completed | Describe the principles, rules, guidelines and methods for creating and sharing cyber-related intelligence |
| GT CTI - Threat Intelligence Platform | In progress | Structure and implement a cyber commons for sharing data related to Cyber Threat Intelligence. |