Cupfighter.net » eddie schwatrz http://www.cupfighter.net A blog by Schuberg Philis colleagues Thu, 09 Feb 2012 14:27:59 +0000 en hourly 1 http://wordpress.org/?v= Confidence 2009.02 – Fusing 3rd party threat feeds to obtain better threat intelligence – Eddie Schwartz http://www.cupfighter.net/index.php/2009/11/confidence0902-threat-feeds/ http://www.cupfighter.net/index.php/2009/11/confidence0902-threat-feeds/#comments Thu, 19 Nov 2009 11:40:17 +0000 Frank Breedijk http://www.cupfighter.net/?p=786 Eddie started with a good overview of why feeds are available from D-Shield to Bluetack and U.S Department of Treasury and the properties of them, good/bad and why.

The he showed us how you can normalize the feeds and integrate them into NetWitness.

By tying infosec intelligence feeds and combining them with things like traffic statistics events on the network start making more sense. In stead of a random dynamic dns call you now all of a sudden you can tie that to a botnet infection on your network.

]]> http://www.cupfighter.net/index.php/2009/11/confidence0902-threat-feeds/feed/ 0