Forum Discussion

AshleyMartin
Former Employee
Feb 14, 2023

New Blog Post | [What's New] Extract Actionable Intelligence from Text-based Threat Intel using Sent

 

Full blog post: [What's New] Extract Actionable Intelligence from Text-based Threat Intel using Sentinel Notebook (microsoft.com)

 

With the increasing number and sophistication of attacks occurring across an organisation’s digital infrastructure, SecOps teams are increasingly using Threat Intelligence to document the operations of an actor group, to record their investigation framework, results, and any entities or IoCs discovered. A variety of entities, ranging from public and private organisations to social media platforms and the open source community, publish threat reports in the form of unstructured text data, blogs, and white papers, which describe the TTPs used by actor groups in an operation, and the best practices that enterprises can adopt to protect themselves from these attacks.

 

However, with the growing corpus of unstructured threat intel, it is not easy to extract the patterns of attack that an enterprise or the associated industry vertical has observed on its infrastructure.
