Workshop: The ACT Threat Intelligence Platform

ACT is an open-source threat intelligence platform that has been built from the ground up to address the real-world needs of security analysts, incident responders and threat researchers across all industries. The platform is the product of a 3-year collaborative research project between the private sector, security agencies, CERTs and universities.

The workshop will be led by Dr. Martin Eian, Head of Research at mnemonic, and the Project Manager for the research projects "Semi-Automated Cyber Threat Intelligence (ACT)" and "Threat Ontologies for CyberSecurity Analytics (TOCSA)". He has more than 15 years of work experience in IT security, IT operations, and information security research roles. In addition to his position at mnemonic, he is a member of the Europol EC3 Advisory Group on Internet Security.

Key takeaways from the workshop:

  • The ACT platform design and technical implementation choices

  • The ACT data model, an ontology of threat information

  • Analysis techniques using simple queries and graph interaction (drill-down, filtering, layouts)

  • Advanced analysis using graph queries

  • The ACT REST API with the Python API wrapper (optional)

  • How to implement a simple ACT worker (optional)

The ACT platform source code and a pre-configured virtual appliance are available on Github, ISC license (BSD compatible):

A read-only platform instance pre-loaded with OSINT is available on AWS:

Hardware requirements

The workshop participants have to bring a laptop. Participants that want to use the API and create workers for the platform will need a Python environment; any vanilla Linux distro (either VM or installed as the laptop OS) should be more than enough.



Lunch will be served during the workshop.

NB: Limited space

Påmelding er nå stengt.