- IDENTIFY IMPLICIT RELATIONS between documents of different types:
- Auto-tagging of documents to identify their class(es) based on text content analysis. Classes such as: “vulnerability”, “exploit”, “generic attack description”, “technical attack description”, “patch/fix”, “update”, “IoC”, “course of action” can are identified
- Discovering relations between documents from different classes: a vulnerability and its corresponding exploits, an exploit and the respective attack description, an attack and an advisory describing its possible mitigation
- ASSISTANCE IN CREATION AND DISTRIBUTION OF ADVISORIES – CÆSAIR provides suggestions for generating warnings / advisories about:
- vulnerable software/hardware products (based on current threat landscape and vulnerability descriptions),
- potential counter-measures for a threat, found as related documents with the tag “patch/fix” or “course of action”,
- recipients of the warning (based on assets information provided by end users). Warnings / advisories are sent out to the recipient list, or available on-demand (including the historic data).
- TOOLTREND ANALYSIS – keep track of the evolvement of the IT security landscape by observing:
- How the vulnerability of a software/hardware product changes over time.
- How timely a software vendor releases a fix after an exploit is disclosed.
- Which products on the market are most exposed to security threats.
- What are the top N non-trivial frequently co-occurring concepts in CTI.
- INTERACTION WITH EXISTING SOLUTIONS for threat and incident handling – CÆSAIR’s analytical functionality can be accessed through a friendly graphical user interface, as well as via APIs. This means that CÆSAIR can be:
- deployed as a full-fledged standalone installation,
- run “as a service” on data collected from third-party solutions, such as threat sharing or incident handling solutions, and/or direct its output to such solutions. This allows the integration of CÆSAIR with open-source (such as IntelMQ and MISP) or commercial products.
