[Figure: Utopia architecture diagrams. Panel titles: Intelligence Collection Engines / Active Threat Detection & Mitigation; Customer Premise Managed Netflow Collection & Aggregation; Customer Public Facing Information Collection, Targeting Analysis & Modeling; Adversary Information Collection, Analysis & Modeling; Open Source Intelligence Collection; Automated Threat Intelligence Impact Analysis, Forensics Evidence Capture, and Operational Mitigation.]

[Core components shown: Utopia Workflow Engine, IOC Database, Attacker DB, Target DB, Case Files, Malware Artifacts, Packet Captures, Forensics Images (Disk & Memory), Malware Analysis, Malware Packaging, Data Capture, Data Normalization, Data Insertion/Updates, Data Transformation, Utopia Process Logs, raw data, STIX PKGs in the Utopia DRP DB, and Secure Data Transfer to Information Sharing Partners.]

[Device integrations shown, each with an SDK/API, a DRI and a STIX PKG: OmniEngines network taps, NetWitness network taps, ArcSight event sources, MANDIANT MIR agents, Check Point firewalls, IronPort mail servers, F5 BIG-IP (Internet/Intranet), Infoblox DNS servers. Data exchanged: Packets & MetaData, Events & MetaData, IOCs & Result MetaData, Services, Policy & Objects, Policies & Logs, Policies.]

[Collection components shown: Intelligence Collection Engines (ICEs), each with an ICE DRI and a STIX PKG, behind Obfuscation layers for adversary, customer and open source intel collection; sources include DNS info, ShadowServer and subscription services. Netflow components: distributed NETFLOW sensors, NETFLOW Collector, NETFLOW DRI, NETFLOW Provisioning, NETFLOW Manager.]
Vendors shown are for illustrative purposes only.
All major technologies that provide a mature API/REST interface will be integrated via standard DRP/DRI interfaces.
Threat intelligence queries and action decisions will also be transformed into vendor-specific formatted configuration files for manual processing (e.g. Cisco ACLs, Check Point DBEdit, McAfee CSV, etc.).
[Figure labels: Fidelis, Cisco and McAfee integrations with Utopia, each with an SDK/API, a DRI and a STIX PKG, exchanging Policies.]
These are for illustrative purposes only. The key concept is to take all threat intelligence and enrich it through open source and subscription-based services.
DRI = Device Request Interfaces; DRP = Device Request Package.

The core concept is to normalize a set of actions through DRPs and transform them, through DRIs, into actions that are relevant for a given technology.

The core concept is to normalize a set of actions/responses through DRIs using CTI STIX packages. DRIs transform them into actions that are relevant for a given technology.

DRIs are ideally based on RESTful interfaces but can extend to any API exposed by a given vendor.
[Figure labels: Data Transform; STIX Profiles]
© 2008-2015 Integrated Networking Technologies, Inc. All rights reserved.