Menu
Browse

Latest CSIDB updates: There are many.

Author: Hani El-Qasem
18th December 2024

Over the past few months, I’ve been working on enhancing CSIDB (csidb.net) to deliver a more intuitive, insightful, and future-proofed threat intelligence experience. My recent updates are all about streamlining workflows, improving clarity, and aligning more closely with industry standards for cyber threat intelligence. Below, with the assistance of some ChatGPT fluffy and flowery language.. I’ll walk you through the key improvements.


 

A More Engaging User Interface

Images for Incidents:
I’ve enriched incident pages with carefully selected images, helping bring each case to life visually. This isn’t just about aesthetics—it’s about making complex information more accessible.

CIA Posture Icons:
Incidents now feature Confidentiality, Integrity, and Availability posture icons. These symbols highlight which security elements were compromised, enabling you to quickly gauge the severity and nature of each threat.

Sortable Listings and Search Results:
Finding what you need should never be frustrating. That’s why list and search views are now sortable, giving you more control and making it easier to locate the exact data you’re after.

Motives, Threat Actors, and TTPs Icons:
I’ve introduced icons representing various motives, threat actors, and Tactics, Techniques, and Procedures (TTPs). These icons serve as visual cues, so you can rapidly understand the key attributes of each incident and actor profile.

Flag Icons for Geographical Context:
Recognising the importance of location-based intelligence, I’ve added flag icons to victims and threat actors. This allows you to instantly grasp the geographical backdrop of a threat, without needing to dig too deep into text.

Info Icons and Code Book:
For deeper insight, I’ve included handy info icons. Hovering over these provides concise explanations, while direct links lead to a new Code Book page. Here, you’ll find in-depth descriptions of data fields, ensuring a shared reference point for all users.

LinkedIn Sign-In:
I’ve made it easier for you to access CSIDB by enabling LinkedIn-based sign-in. This simplifies the login process and adds an extra layer of security, ensuring a more seamless, reliable experience.


Aligning with Industry Standards through STIX Integration

As the cyber threat landscape evolves, I believe it’s essential to keep pace by using standardised terminologies and models. That’s why I’ve started migrating parts of the information models to the STIX 2.1 standard.

Adhering to STIX 2.1 Vocabularies:
I’ve updated vocabularies for:

Aligning with STIX 2.1 ensures better compatibility and understanding across the industry—facilitating smoother collaboration and data exchange.


Upgraded Threat Intelligence Production

Behind the scenes, I’ve significantly enhanced the threat intelligence production engine. The goal is to deliver timely, accurate, and context-rich intelligence, and these changes bring me closer to achieving that.

Advanced LLM Models:
I’ve introduced more powerful Language Learning Models (LLMs), with Llama-3.3 now serving as the default analytical engine. These advanced models are adept at extracting insights from complex datasets and delivering intelligence tailored to your needs.

Revamped Back-End Workflows:
By restructuring my back-end workflows into a dedicated internal RestAPI, I can roll out updates more frequently and maintain greater agility. This approach enhances how quickly and effectively I can incorporate new intelligence.

Scalable AI Worker Management:
I’ve refined AI worker management processes to distribute work among multiple AI Analyst Agents more efficiently. This means CSIDB can handle larger volumes of data, navigate broader threat landscapes, and deliver insights to you more promptly than before.

Refined Prompt Optimisation:
Through iterative prompt optimisation, I’ve ensured that the intelligence produced is better aligned with your analytical goals. Expect more precise insights, fewer irrelevant details, and a more efficient analytical process.


Looking Ahead

CSIDB is an ongoing journey. Your feedback helps guide my efforts as I continue building new capabilities and refining existing ones. These recent updates represent a significant milestone—making the platform more intuitive, standardised, and powerful.

I invite you to explore these changes at csidb.net. Thank you for your support, and I look forward to helping you navigate the complex world of cyber threats with greater ease, confidence, and clarity.