Hackers of India

ARCTIC - Automated Remediation for Correlation Threat Intelligence Collections

Ankit Anurag, Ashwath Kumar, Manikandan Rajappan

2023/08/09


Presentation Material

Abstract

Arctic builds on the open-source MISP platform to enable threat-intelligence-based correlation of indicators of compromise (IOCs) from multiple sources, such as internally collected intelligence, intelligence filtered through free and paid feeds, and cloud feeds from GuardDuty and Route 53. It gives each IOC a relevance score that is specific to the organisation.

It uses MISP to further enrich the IOC and maps it to the MITRE TTPs, which can be used to identify the suspected APTs involved in the attack.