Objective

Hands-on practice with threat intelligence frameworks and the techniques for using them.

Tools & Technologies

  • MITRE ATT&CK
  • STIX
  • TAXII
  • AlienVault OTX

Key Commands

curl https://otx.alienvault.com/api/v1/indicators/IPv4/1.1.1.1/reputation
python3 -c "import stix2; print(stix2.AttackPattern(name='Phishing'))"

Lab Steps

01
MITRE ATT&CK Navigator

Map observed TTPs to MITRE ATT&CK techniques using the Navigator.

02
STIX/TAXII

Understand structured threat intelligence sharing with STIX 2.1 and TAXII 2.1.

03
OTX Integration

Query AlienVault OTX for IP reputation and threat indicators.

04
Intelligence Fusion

Correlate intelligence from multiple sources to build threat actor profiles.
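Steps 02 and 04 together, as an added example that is not part of the original lab: a standard-library-only builder for STIX 2.1 objects (the real stix2 library adds validation) and a fusion routine that walks the relationships in a bundle to build a per-actor profile of ATT&CK techniques and indicators. The actor name and the 192.0.2.10 address are constructed sample values; T1566 is the real ATT&CK ID for Phishing.

```python
import uuid
from datetime import datetime, timezone

def _now():
    return datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%S.000Z")

def stix_obj(obj_type, **props):
    """Minimal STIX 2.1 SDO/SRO skeleton: type, spec_version, id, timestamps."""
    obj = {"type": obj_type, "spec_version": "2.1",
           "id": f"{obj_type}--{uuid.uuid4()}", "created": _now(), "modified": _now()}
    obj.update(props)
    return obj

def attack_pattern(name, technique_id):
    # external_references carries the ATT&CK technique ID (the step 01 mapping)
    return stix_obj("attack-pattern", name=name, external_references=[
        {"source_name": "mitre-attack", "external_id": technique_id}])

def ip_indicator(ip):
    # STIX 2.1 indicators require pattern, pattern_type and valid_from
    return stix_obj("indicator", pattern_type="stix", valid_from=_now(),
                    pattern=f"[ipv4-addr:value = '{ip}']")

def relationship(src, rel, dst):
    return stix_obj("relationship", relationship_type=rel,
                    source_ref=src["id"], target_ref=dst["id"])

def actor_profiles(bundle):
    """Fuse SROs into per-actor profiles: techniques used, indicators that point at the actor."""
    by_id = {o["id"]: o for o in bundle["objects"]}
    profiles = {}
    for rel in (o for o in bundle["objects"] if o["type"] == "relationship"):
        src, dst = by_id[rel["source_ref"]], by_id[rel["target_ref"]]
        if src["type"] == "threat-actor" and dst["type"] == "attack-pattern":
            p = profiles.setdefault(src["name"], {"techniques": set(), "indicators": set()})
            p["techniques"].add(dst["external_references"][0]["external_id"])
        elif src["type"] == "indicator" and dst["type"] == "threat-actor":
            p = profiles.setdefault(dst["name"], {"techniques": set(), "indicators": set()})
            p["indicators"].add(src["pattern"])
    return profiles

def demo_bundle():
    # Constructed sample: fictitious actor, real ATT&CK ID T1566 (Phishing), TEST-NET-1 address
    actor = stix_obj("threat-actor", name="CONSTRUCTED-ACTOR-1")
    phish, ind = attack_pattern("Phishing", "T1566"), ip_indicator("192.0.2.10")
    objs = [actor, phish, ind, relationship(actor, "uses", phish),
            relationship(ind, "indicates", actor)]
    return {"type": "bundle", "id": f"bundle--{uuid.uuid4()}", "objects": objs}
```

The same `actor_profiles` walk works on a bundle pulled from a TAXII 2.1 collection, since it only relies on the standard `uses` and `indicates` relationship types.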

Challenges Encountered

  • ATT&CK technique IDs change between versions
  • TAXII server authentication varies by provider

Key Takeaways

  • Threat intel is only valuable when acted upon — integrate with detection tools
  • MITRE ATT&CK covers both pre- and post-compromise techniques