Making Threat Intelligence Actionable: Recommending Responses with STIX

  • Thursday, April 23, 2015 | 11:30 AM – 12:20 PM | West | Room: 2009

View all Sessions

To accelerate the response to newly detected incidents and new types of threat indicators, we developed ways to express recommend actions in STIX, which can be reviewed and selected by an operator and then executed by a threat defense system. We demonstrate how our extensions provide actionable details to go along with the threat information in STIX, and point the way towards better automation.


This document was retrieved from on Thu, 18 Jul 2019 10:12:31 -0400.