Method of actively collecting and aggregating data based on multi-source intelligence

Abstract

The present invention provides a method for actively collecting and aggregating data based on multi-source intelligence, comprising the following steps: S1, acquiring IOC data; executing step S2; S2, broadcasting IOC data from multiple intelligence sources; executing step S3; S3, performing steps S2 broadcasts the acquired intelligence data, and maps it to the intelligence dimension; executes step S4; S4, aggregates the data of the intelligence dimension. Through active collection and aggregation, the present invention can effectively solve the problem of incomplete dimensions of existing intelligence data and insufficient context information, and help to form an overall portrait of threat intelligence. Based on the rich intelligence data, it can effectively improve the actual application scenarios The analysis dimension, threat intelligence reliability calculation, and threat impact assessment capabilities strengthen the in-depth application of threat intelligence.

Description

Technical field [0001] The present invention relates to an intelligence acquisition method, and more particularly to a method based on multi-source intelligence actively acquisition and aggregation data. Background technique [0002] The threat information is currently used in safety testing, security defense, tracking traceable application scenarios, and playing its fast, comprehensive warning capabilities in actual application scenarios, effective protection of unknown threats. However, in the actual application process, the IOC, which is often available, the threat, if the threat domain name is detected, and the background knowledge and intelligence dimensions are not rich enough, it is difficult to evaluate the true impact of this IOC in the network environment. And it is difficult to provide the next step. [0003] The existing intelligence data aggregation technology is a passive data aggregation technique, that is, a mapped data that can be collected, but in the actual app...

AI Technical Summary

Problems solved by technology

However, in the actual application process, after machine-readable IOCs such as threat IPs and threat domain names are detected to generate threats, it is difficult to evaluate the real impact of the IOC in the network environment due to insufficient background knowledge and intelligence dimensions. , and it is difficult to provide the next decision

[0003] The existing intelligence data aggregation technology solution is a passive data aggregation technology, which maps and correlates the data that can be collected. However, in the actual application process, it will be found that the type of aggregated data is incomplete. The status quo, such as norms, will lead to the fact that most of the intelligence data is too rich in dimension, or the omission of important intelligence data will occur. Indeed, passive data aggregation is difficult to meet the quality requirements of intelligence data and the application of practical auxiliary judgment and decision-making.

Images