Tomás Sabat

Netherlands

Tomás is the Chief Operating Officer at Vaticle, creators of TypeDB and TypeQL. He works closely with the company's open source and enterprise users, who build applications with TypeDB in a wide range of industries, including financial services, life sciences, cyber security and supply chain management. A graduate of the University of Cambridge, Tomás has spent the last eight years founding and building businesses in the technology industry.

Talk: Building an Open Source Threat Intelligence Platform with STIX

English language

Knowledge of cyber threats is a key focus in cyber security. In this talk, we present an open source threat intelligence platform, built with Python and TypeDB, to store and manage such knowledge. It lets cyber threat intelligence professionals bring their disparate threat intel together in one database, so they can easily manage that data and discover new insights about cyber threats.

We describe how we used TypeDB to represent the STIX 2.1 specification and Python to load the MITRE ATT&CK dataset. We cover how we leverage modelling constructs such as type hierarchies, nested relations, hyper relations, unique attributes, and logical inference to create the most accurate representation of CTI data.