Skip to content

Latest commit

 

History

History
49 lines (31 loc) · 3 KB

README.md

File metadata and controls

49 lines (31 loc) · 3 KB

TIBER-Cases

TIBER-Cases is a project created to give cases of The Hive platform for Threat Intelligence Analysts mainly. All the cases generated are mapped to TIBER-EU processes.

TIBER-EU process is complex to implement in order to work in an agile way. It takes a lot of intercommunication between different departments and suppliers.

The cases generated for The Hive have the main objective of quickly implementing the tasks that the Threat Intelligence team has to perform. In this way, work agility is achieved.

Full explanation about this project in my blog: https://jstnk9.github.io/jstnk9/blog/TIBER-EU-ES-Threat-Intelligence-Series-01

TIBER-EU

How they define themselves is: TIBER-EU is the European framework for threat intelligence-based ethical red-teaming. It is the first EU-wide guide on how authorities, entities and threat intelligence and red-team providers should work together to test and improve the cyber resilience of entities by carrying out a controlled cyberattack.

Threat Intelligence Process

To simplify the entire TIBER-EU document and the Threat Intelligence section a bit, I wanted to make a process explaining the most important points of the framework for those analysts who are going to work on it. Specifically, I have focused on the "Processes/Activities Threat Intelligence" section of the official TIBER-EU process.

Jstnk_TIBER_TI

blog: https://jstnk9.github.io/jstnk9/blog/TIBER-EU-ES-Threat-Intelligence-Series-01

Red Team Process

To simplify the entire TIBER-EU document and the Red Team section a bit, I wanted to make a process explaining the most important points of the framework for those analysts who are going to work on it. Specifically, I have focused on the "Processes/Activities Red Team Test" section of the official TIBER-EU process.

Jstnk_TIBER_RT

blog: https://jstnk9.github.io/jstnk9/blog/TIBER-EU-ES-Red-Team-Series-01/

Blue Team Process

To simplify the entire TIBER-EU document and the blue team section a bit, I wanted to make a process explaining the most important points of the framework for those analysts who are going to work on it. Specifically, I have focused on the "Processes/Activities Closure Phase" section of the official TIBER-EU process.

Jstnk_TIBER_BT

Feedback and contributions

Feel free to open issues if you want collaborate or send any feedback.

ToDo

  • Threat Intelligence Provider cases
  • Blue Team cases
  • Red Team Provider cases
  • New blog series

Contact

@Joseliyo_Jstnk

References

TIBER-EU: https://www.ecb.europa.eu/paym/cyber-resilience/tiber-eu/html/index.en.html

TIBER-ES: https://www.bde.es/bde/es/secciones/servicios/tiber-es-3f6bfe7e907ed71.html

The Hive Project: https://thehive-project.org/