IRIS Advanced Threat Intelligence Orchestrator- A Way to Manage Cybersecurity Challenges of IoT Ecosystems in Smart Cities

  • Conference paper
Internet of Things (GIoTS 2022)

Abstract

This paper provides an overview of the Advanced Threat Intelligence Orchestrator, which assists organizations and society’s first responders in managing, prioritizing, and sharing information related to cyber security incidents. To that end, it highlights the capabilities and benefits of security orchestration, automation, and response (SOAR) systems, on which the Orchestrator is based. The survey was conducted as part of the IRIS EU-funded project to protect Internet of Things (IoT) and Artificial Intelligence (AI)-driven ICT-enabled systems from cyber threats and attacks on their privacy, facilitating SOC/CSIRTs/CERTs.

In this context, the tool is explored as a means of orchestrating and automating cyber security processes and routines. The open-source tool chosen for the creation of the Advanced Threat Intelligence Orchestrator was SHUFFLE. SHUFFLE offers a wide variety of functionality, as it can be integrated with numerous tools and APIs. Furthermore, the provision of schematic workflows with action steps makes the stakeholders’ interface more intuitive.

Acknowledgement

This work is a part of the IRIS project. This project has received funding from the European Union’s Horizon 2020 research and innovation programme under grant agreement No 101021727. This content reflects only the authors’ view and the European Commission is not responsible for any use that may be made of the information this publication contains.

Corresponding author

Correspondence to Vasiliki-Georgia Bilali.

Copyright information

© 2022 The Author(s), under exclusive license to Springer Nature Switzerland AG

About this paper

Cite this paper

Bilali, VG., Kosyvas, D., Theodoropoulos, T., Ouzounoglou, E., Karagiannidis, L., Amditis, A. (2022). IRIS Advanced Threat Intelligence Orchestrator- A Way to Manage Cybersecurity Challenges of IoT Ecosystems in Smart Cities. In: González-Vidal, A., Mohamed Abdelgawad, A., Sabir, E., Ziegler, S., Ladid, L. (eds) Internet of Things. GIoTS 2022. Lecture Notes in Computer Science, vol 13533. Springer, Cham. https://doi.org/10.1007/978-3-031-20936-9_25

  • DOI: https://doi.org/10.1007/978-3-031-20936-9_25

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-20935-2

  • Online ISBN: 978-3-031-20936-9

  • eBook Packages: Computer Science (R0)
