February 21, 2024

Using the CTI-CMM Model to Evaluate Threat Intel Program Maturity

It’s okay to admit that you don’t know exactly what CTI means. Of course, you know it stands for Cyber Threat Intelligence, and you might have a general sense it has something to do with staying on top of threats. How, though, do you actually build a successful CTI program in an organisation? What activities should it perform? What should it produce? For whom?

February 21, 2024

Using MISP Bookmarks with Workflows for Team Coordination

Have you tried the Bookmarks feature in MISP yet? It’s much more powerful than you might think. Bookmarks are incredibly useful because, within a team, we need to know what to take action on from all the new MISP events that have come in over the last 24 hours. MISP bookmarks give us a way to save searches that help us isolate the signal from the noise. Paired with the Workflow features, they give us some powerful options to get our team on the same page.

February 21, 2024

Visualising APT threat actor and tool commonalities

How can we visualise intel about tool use between threat actors using a vis.js network visualisation? Let's add a circular twist.

February 21, 2024

Announcing Leadership Changes at Cosive: Farewell to Kayne Naughton and Welcome Scott Ceely

We wanted to take a moment today to update our community of past and present customers, as well as our professional and personal networks, of recent changes to the Cosive board.

February 21, 2024

Getting More Out of MISP and Microsoft Sentinel

Typically, SecOps analysts will have many daily routines, one of which will be to check their favourite Threat Intelligence Platforms, read the latest threats and note down any that are worthy of attention. Next, they’ll add those threats to their central log analysis and alerting platform (e.g. Microsoft Sentinel) as something to look for. Depending on how many feeds analysts are watching and how active the bad actors are, this can be a very time-consuming process. Granted, an important one, but still time-consuming. Wouldn't it be nice if we could save the planet one tree at a time by doing away with all the post-it notes with one-off IP addresses and domain names? Could we get MISP and Microsoft Sentinel to talk directly without wasting analyst time?