Secure, near-real-time methods are used for receiving and sharing threat information to enable rapid analysis and action
Context and Guidance: Integrating a set of potentially diverse cybersecurity products into a responsive and resilient detection, analysis, response, and information sharing platform requires the use of cybersecurity automation standards. Such systems are intended to ease the burden on analysts by ingesting and enriching data and, in some cases, by automatically taking action in response to malicious indicators; because that action is driven by data received from outside the organisation, received objects should be validated and their confidence assessed before any automated response is triggered. Ensuring that the components of a larger cybersecurity system share a common representation of threat information (e.g., Structured Threat Information Expression (STIX)) and a common transport for exchanging it (e.g., Trusted Automated Exchange of Indicator Information (TAXII)), and are designed to securely accept, process, and distribute data from a variety of sources and vendors, is key to developing a successful cybersecurity platform.
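As an added illustration of the ingest-and-act pipeline described above (this is example code written for this page, not part of the original guidance or of any product), the following Python triages a TAXII 2.1 envelope of STIX 2.1 objects before anything is acted on automatically. The envelope is constructed sample data, and the confidence threshold and the rule that only single-equality network patterns may be auto-blocked are an assumed local policy, not something the STIX or TAXII specifications prescribe.

```python
"""Triage a TAXII 2.1 envelope of STIX 2.1 objects before automated action.

Added example, standard library only. SAMPLE_ENVELOPE is constructed sample
data; AUTO_BLOCK_CONFIDENCE and the "simple pattern" rule are an assumed
local policy, not a STIX/TAXII requirement."""
import json
import re
from datetime import datetime, timezone

# Constructed sample of a TAXII 2.1 "get objects" response: an envelope that
# wraps STIX 2.1 objects. All ids, addresses and names are illustrative.
SAMPLE_ENVELOPE = json.dumps({
    "more": False,
    "objects": [
        {   # well-formed, high confidence: candidate for automatic blocking
            "type": "indicator", "spec_version": "2.1",
            "id": "indicator--6a0b8a7d-4c5e-4f21-9a8e-1c2d3e4f5a6b",
            "created": "2024-01-10T08:00:00.000Z", "modified": "2024-01-10T08:00:00.000Z",
            "name": "C2 beacon destination",
            "pattern": "[ipv4-addr:value = '203.0.113.45']", "pattern_type": "stix",
            "valid_from": "2024-01-10T08:00:00.000Z", "confidence": 85,
        },
        {   # low confidence: enrich and queue for an analyst, never auto-block
            "type": "indicator", "spec_version": "2.1",
            "id": "indicator--b1c2d3e4-f5a6-4b7c-8d9e-0f1a2b3c4d5e",
            "created": "2024-01-11T09:00:00.000Z", "modified": "2024-01-11T09:00:00.000Z",
            "pattern": "[domain-name:value = 'update-check.example']", "pattern_type": "stix",
            "valid_from": "2024-01-11T09:00:00.000Z", "confidence": 20,
        },
        {   # revoked by the producer: must be ignored despite high confidence
            "type": "indicator", "spec_version": "2.1",
            "id": "indicator--c2d3e4f5-a6b7-4c8d-9e0f-1a2b3c4d5e6f",
            "created": "2023-12-01T00:00:00.000Z", "modified": "2024-01-05T00:00:00.000Z",
            "pattern": "[ipv4-addr:value = '198.51.100.7']", "pattern_type": "stix",
            "valid_from": "2023-12-01T00:00:00.000Z", "confidence": 95, "revoked": True,
        },
        {   # malformed (no pattern_type): reject, do not guess
            "type": "indicator", "spec_version": "2.1",
            "id": "indicator--d3e4f5a6-b7c8-4d9e-8f0a-2b3c4d5e6f7a",
            "created": "2024-01-12T00:00:00.000Z", "modified": "2024-01-12T00:00:00.000Z",
            "pattern": "[url:value = 'http://198.51.100.9/x']",
            "valid_from": "2024-01-12T00:00:00.000Z",
        },
        {   # a non-indicator SDO: kept for enrichment, never acted on directly
            "type": "malware", "spec_version": "2.1",
            "id": "malware--e4f5a6b7-c8d9-4e0f-9a1b-3c4d5e6f7a8b",
            "created": "2024-01-10T08:00:00.000Z", "modified": "2024-01-10T08:00:00.000Z",
            "name": "example loader", "is_family": False,
        },
    ],
})

# Only a single equality test on one network observable is auto-actionable.
SIMPLE_PATTERN = re.compile(
    r"^\[(ipv4-addr|ipv6-addr|domain-name|url):value\s*=\s*'([^']+)'\]$")
STIX_ID = re.compile(
    r"^[a-z0-9-]+--[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$")
REQUIRED = ("type", "spec_version", "id", "created", "modified",
            "pattern", "pattern_type", "valid_from")
AUTO_BLOCK_CONFIDENCE = 80  # assumed local policy threshold


def parse_ts(value):
    """Parse a STIX timestamp (RFC 3339 UTC, fractional seconds optional)."""
    for fmt in ("%Y-%m-%dT%H:%M:%S.%fZ", "%Y-%m-%dT%H:%M:%SZ"):
        try:
            return datetime.strptime(value, fmt).replace(tzinfo=timezone.utc)
        except ValueError:
            pass
    raise ValueError(f"bad STIX timestamp: {value!r}")


def validate_indicator(obj):
    """Return None if obj is a usable STIX 2.1 indicator, else a rejection reason."""
    for field in REQUIRED:
        if field not in obj:
            return f"missing {field}"
    if obj["type"] != "indicator" or not obj["id"].startswith("indicator--"):
        return "not an indicator"
    if not STIX_ID.match(obj["id"]):
        return "malformed id"
    if obj["spec_version"] != "2.1":
        return "unsupported spec_version"
    if obj["pattern_type"] != "stix":
        return "unsupported pattern_type"
    try:
        parse_ts(obj["valid_from"])
        if "valid_until" in obj:
            parse_ts(obj["valid_until"])
    except ValueError as exc:
        return str(exc)
    return None


def triage_envelope(envelope_json, now=None):
    """Sort received indicators into auto_block / review / rejected buckets."""
    now = now or datetime.now(timezone.utc)
    out = {"auto_block": [], "review": [], "rejected": []}
    for obj in json.loads(envelope_json).get("objects", []):
        if obj.get("type") != "indicator":
            continue  # other SDO types are stored for enrichment only
        reason = validate_indicator(obj)
        if reason:
            out["rejected"].append((obj.get("id"), reason))
            continue
        if obj.get("revoked"):
            out["rejected"].append((obj["id"], "revoked"))
            continue
        if "valid_until" in obj and parse_ts(obj["valid_until"]) <= now:
            out["rejected"].append((obj["id"], "expired"))
            continue
        match = SIMPLE_PATTERN.match(obj["pattern"])
        if not match:
            out["review"].append((obj["id"], "complex pattern"))  # analyst decides
            continue
        confidence = obj.get("confidence", 0)
        if confidence >= AUTO_BLOCK_CONFIDENCE:
            out["auto_block"].append(match.groups())  # (observable type, value)
        else:
            out["review"].append((obj["id"], f"confidence {confidence}"))
    return out


if __name__ == "__main__":
    print(json.dumps(triage_envelope(SAMPLE_ENVELOPE), indent=2))
```

The point of the validation step is that a TAXII feed is external input: an object that is revoked, expired, malformed, or below the organisation's confidence threshold is never allowed to drive an automated block, and anything more complex than a single observable match goes to an analyst rather than being interpreted by a hand-rolled matcher.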
Related Practices
• Information Sharing: This practice is part of a group of cross-domain practices that enable information sharing with organisational stakeholders. These include: THREAT-1i, THREAT-2h, THREAT-2k, RISK-1c1d, SITUATION-3a, SITUATION-3c, SITUATION-3d, SITUATION-3e, RESPONSE-2g, RESPONSE-3c, RESPONSE-3f.
• Progression: This practice is part of a practice progression. Practice progressions are groups of related practices that represent increasingly complete or more advanced implementations of an activity. The practices in this progression include: THREAT-2b, THREAT-2h, THREAT-2k.