feat: integrate OSINT tools and threat intelligence capabilities #36
Conversation
Add comprehensive threat intelligence and incident response frameworks with OSINT tool integration: - Add threat intelligence collection, analysis, integration, sharing, and automation capabilities - Include incident response plan with OSINT-driven intelligence gathering procedures - Integrate 10 OSINT tools (Shodan, VirusTotal, URLScan.io, Maltego, etc.) with proper UUIDs - Update dependency references to use descriptive names instead of UUIDs - Fix implementation URLs and documentation links for consistency This extends the DevSecOps maturity model with actionable threat intelligence practices and standardized OSINT tooling for improved security operations and incident response capabilities.
| Implement automated and manual collection processes using: | ||
| - OSINT tools for reconnaissance detection (domain monitoring, certificate transparency) | ||
| - Social media monitoring for brand mentions and threat actor discussions | ||
| - Dark web monitoring for leaked credentials and company mentions |
There was a problem hiding this comment.
own activity, maybe at different levens
| @@ -196,7 +195,7 @@ Test and Verification: | |||
| usefulness: 3 | |||
| level: 2 | |||
| dependsOn: | |||
| - uuid: c1acc8af-312e-4503-a817-a26220c993a0 # Simple false positive treatment | |||
There was a problem hiding this comment.
revert (and maybe fix by removing the space)
| measure: | | ||
| Develop comprehensive incident response documentation including: | ||
| - Playbooks for common incident types with OSINT collection steps | ||
| - Role-based access controls and escalation procedures |
|
In my opinion, this proposal does not improve the level of software development. These practices belong to the maturity assessment model of the security operations center. These practices do not belong to the secure development unit. It looks like an attempt to mix everything together |
|
Hmm. I agree with the @sergiomarotco that this is not part of secure develeopment. However, VeraCode defines 'OSINT' as part os application security (ref). So I guess the question is what DSOMM, being DevSecOps oriented, should include and not include. I'm tilting towards including OSINT in DSOMM, as part of the Ops part of DevSecOps. (But can easily be convinced by good arguments either way.) |
| @@ -247,12 +308,12 @@ implementations: | |||
| uuid: edaec98d-dac7-4dfd-8ab3-42c471d5b9ff | |||
| name: CIS Kubernetes Bench for Security | |||
| tags: [] | |||
| url: https://www.cisecurity.org/cis-benchmarks/ | |||
| url: https://www.cisecurity.org/cis-benchmarks/cis-kubernetes-benchmark | |||
| cis-docker-bench-for: | ||
| uuid: 4dd23c4a-5a7e-4917-82cf-d00e0f04482f | ||
| name: CIS Docker Bench for Security | ||
| tags: [] | ||
| url: https://www.cisecurity.org/cis-benchmarks/ | ||
| url: https://www.cisecurity.org/cis-benchmarks/cis-docker-benchmark |
| @@ -172,8 +233,8 @@ implementations: | |||
| tags: [] | |||
| url: https://www.owasp.org/index.php/Agile_Software_Development | |||
| description: | |||
| "[Do not Forget EVIL User Stories](https://www.owasp.org/index.php/Agile_Software_Development:_Don%27t_Forget_EVIL_User_Stories)\ | |||
| \ and [Practical Security Stories and Security Tasks for Agile Development Environments](http://safecode.org/publication/SAFECode_Agile_Dev_Security0712.pdf)" | |||
| "[Do not Forget EVIL User Stories](https://owasp.org/www-community/Agile_Software_Development)\ | |||
There was a problem hiding this comment.
I get 404 on the 'Do not Forget EVIL User Stories' urls. Both the previous one, and the one suggested here.
Actually, I cannot find the phrase in Google at all, except references that go to DSOMM pages. Should we delete this item, or find another reference to use instead?
| uuid: 659e9838-4a79-45a1-ac1f-6b9964a5d21c | ||
| name: SpiderFoot | ||
| tags: [osint, reconnaissance, threat-intelligence] | ||
| url: https://www.spiderfoot.net/ |
Add comprehensive threat intelligence and incident response frameworks with OSINT tool integration: