ISACA Journal Author Blog


First Steps for Automating Your IOC Provision Sources

Ofir Eitan, CISM, and Aviv Srour
Published: 3/8/2018 3:03 PM | Category: Security

The first step is always the hardest. If your organization lacks adequate cybersecurity intelligence processes and you are looking for a quick-win solution, we are here to assist. We have compiled a complementary list of cyberthreat intelligence sources that yield positive results from some of the most notable cybersecurity companies available on the Internet.

The first step is to automate the data mining processes from these websites. Therefore, we highly recommend that organizations invest in programming a crawling process using Python or, if available, set up a communication line between your database and the source by using an application programming interface (API). Furthermore, we advise you to contact your required sources, whether that be a security company or an indicators of compromise (IOC) provider, for additional information regarding their services and the best methods to consume them.
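The extraction stage of such a Python crawler, as an added example that is not code from the authors: it takes page text that has already been fetched, undoes common defanging, and returns de-duplicated indicators while dropping internal addresses and invalid values. The sample text, the function names and the choice of type labels (which mirror MISP attribute type names) are assumptions made for this illustration.

```python
import ipaddress
import re

# Constructed sample of text a crawler might pull from a vendor blog post.
SAMPLE_POST = """
The dropper contacts hxxp://update.example-cdn[.]test/gate and falls back to
203.0.113[.]7. Lab hosts such as 192.168.1.10 were used for detonation.
MD5: 0123456789abcdef0123456789abcdef
SHA256: 00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff
Agent build 999.1.1.1 is unaffected. Also seen: UPDATE.example-cdn.test
"""

HASH_TYPES = {32: "md5", 40: "sha1", 64: "sha256"}  # hex length -> type label
HASH_RE = re.compile(r"\b[a-fA-F0-9]{32,64}\b")
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
DOMAIN_RE = re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.I)
# Ranges that must never reach a blocklist: RFC 1918 space and loopback.
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

def refang(text):
    """Undo common defanging so 'hxxp://a[.]b' parses as 'http://a.b'."""
    text = re.sub(r"\[\.\]|\(\.\)|\[dot\]", ".", text, flags=re.I)
    return re.sub(r"hxxp", "http", text, flags=re.I)

def extract_iocs(raw):
    """Return a sorted, de-duplicated list of (type, value) tuples."""
    text = refang(raw)
    found = set()
    for value in HASH_RE.findall(text):
        kind = HASH_TYPES.get(len(value))  # drop hex runs of other lengths
        if kind:
            found.add((kind, value.lower()))
    for value in IPV4_RE.findall(text):
        try:
            ip = ipaddress.ip_address(value)
        except ValueError:  # e.g. a version string such as 999.1.1.1
            continue
        if not any(ip in net for net in INTERNAL):
            found.add(("ip-dst", str(ip)))
    for value in DOMAIN_RE.findall(text):
        found.add(("domain", value.lower()))
    return sorted(found)

if __name__ == "__main__":
    for kind, value in extract_iocs(SAMPLE_POST):
        print(f"{kind}\t{value}")
```

The domain pattern is deliberately loose and will also accept file names such as report.pdf, so a production crawler should check candidates against a list of valid top-level domains before storing them.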

If you wish to take it to the next level, you can always set up an automated management platform by downloading software or subscribing to a service. To this end, we recommend downloading MISP, the open-source platform available on GitHub, which can help manage your IOC aggregation process. If there are any operational constraints, such as a shortage of IT maintenance resources or legal dictates, you should consider acquiring an IOC management platform or purchasing a full-service package from a cyberintelligence provider. Figure 1 contains some cyberintelligence sources and has links to help you learn more about them.

Figure 1: Cyberintelligence Sources

RSA Labs
Check Point
CrowdStrike
Microsoft Secure
Trend Micro
Team Cymru
Seculert Blog
Carbon Black

The names of the companies presented in this article are solely the suggestions of the authors and are not backed by any financial, material or other motive. It should be emphasized that any recommendation regarding the cyberintelligence services mentioned in this publication does not replace an orderly procurement process.

Read Ofir Eitan’s recent Journal article:
“The Missing Link in Assessing Cyberrisk Factors Through Supply Chains,” ISACA Journal, volume 2, 2018.