The MANTIS Framework: Cyber Threat Intelligence Management for CERTs, presented at FIRST 2014

by Stefan Berger, Jan Goebel, Bernd Grobauer, Thomas Schreck, Johann Wallinger

Summary: Proper cyber-threat intelligence management is increasingly important for effective incident handling. There are a number of emerging standards, such as the STIX/CybOX family and the standards developed by the MILE working group ... but no adequate open tools for managing the information conveyed in these standards are available.
This presentation will describe ongoing work at Siemens CERT on "Mantis -- Model-oriented Analysis of Threat Information Sources", an open-source framework for supporting CERT organizations in handling threat intelligence based. The presentation will first give a brief introduction to the relevant standards and describe a CERT's requirements for tool support, as well as the challenges in realizing this tool support. It will then describe the approach taken by Siemens CERT and report on first experiences with production use of MANTIS as a foundation for cyber-threat intelligence management.
The Open Source MANTIS Framework is available via
https://github.com/siemens/django-mantis