{"id":29509,"date":"2023-04-06T16:29:23","date_gmt":"2023-04-06T22:29:23","guid":{"rendered":"https:\/\/swimlane.com\/?post_type=sw_resource&#038;p=29509"},"modified":"2024-07-01T11:32:05","modified_gmt":"2024-07-01T17:32:05","slug":"comment-ouvrir-les-sources-de-renseignements-sur-les-menaces-concernant-les-attaques-cobalt-strike","status":"publish","type":"sw_resource","link":"https:\/\/swimlane.com\/fr\/open-source-threat-intelligence-cobalt-strike-attacks\/","title":{"rendered":"Comment exploiter les renseignements sur les menaces en sources ouvertes contre les attaques Cobalt Strike"},"content":{"rendered":"\n<section class=\"bs-section bs-section-f49668dca89a07af4c4bed27713f079b6839f643 bs-section---default bs-section--blog-inner-banner  \"><style>.bs-section.bs-section-f49668dca89a07af4c4bed27713f079b6839f643{ background-color: #000743;} <\/style><div class=\"container\">\n<div class=\"bs-row row  flex-md-row-reverse bs-row---default\">\n<div class=\" bs-column col-sm-12 col-md-12 col-lg-6   bs-column-3c02e72bbbdd27fbc2206a57dc520373f8b450b2 bs-column---default bs-column--right d-flex flex-column justify-content-end    \"><figure class=\"wp-block-post-featured-image\"><img decoding=\"async\" src=\"https:\/\/swimlane.com\/wp-content\/uploads\/OSTI-1.png\" class=\"attachment-post-thumbnail size-post-thumbnail wp-post-image\" alt=\"Leverage Open Source Threat Intelligence Against Cobalt Strike Attacks\" style=\"object-fit:cover;\" srcset=\"https:\/\/swimlane.com\/wp-content\/uploads\/OSTI-1.png 1120w, https:\/\/swimlane.com\/wp-content\/uploads\/OSTI-1-300x178.png 300w, https:\/\/swimlane.com\/wp-content\/uploads\/OSTI-1-1024x609.png 1024w, https:\/\/swimlane.com\/wp-content\/uploads\/OSTI-1-768x457.png 768w\" sizes=\"(max-width: 1120px) 100vw, 1120px\" \/><\/figure><\/div>\n\n\n\n<div class=\" bs-column col-sm-12  col-md-12 col-lg-6   bs-column-6a13826d98ae006805bf00373c567a95c3c65a9a bs-column---default d-flex flex-column    \"><div 
class=\"wp-block-post-date\"><time datetime=\"2023-04-06T16:29:23-06:00\">Avr 6, 2023<\/time><\/div>\n\n<h1 class=\"wp-block-post-title has-text-color has-white-color\">How to Leverage Open Source Threat Intel Against Cobalt Strike Attacks<\/h1>\n\n\n<div class=\"bs-div bs-div-f106fb945b2c4610a440b9e5b4f63c0c1cbbec02 bs-div---default\"><div class=\"bs-div__inner d-flex flex-wrap align-items-center    \">\n<a class=\"bs-post__author has-text-align-center\" href=\"https:\/\/swimlane.com\/fr\/author\/Katie_Bykowski\/\">\n\t<div class=\"profile-desc\">\n\t\t<figure>\n\t\t\t<img decoding=\"async\" src=\"https:\/\/swimlane.com\/wp-content\/uploads\/author_Katie_Bykowski.jpg\" alt=\"user-avatar\">\n\t\t<\/figure>\n\t\t<span class=\"prefix\"><\/span>\n\t\t<span class=\"name\">\n\t\t\tKatie Bykowski\t\t<\/span>\n\t<\/div>\n<\/a>\n\n\n\n<div class=\"reading-time\">\n    <span class=\"reading-time__time\">3 <\/span> Minute Read\n<\/div><\/div><\/div>\n<\/div>\n<\/div>\n<\/div><\/section>\n\n\n\n\n\n<section class=\"bs-section bs-section-050e6505c2b06c7ce9ca858e2f56661a365e6ba8 bs-section---default bs-section--blog-inner-main-contents  \"><div class=\"container\">\n<div class=\"bs-row row justify-content-between  bs-row---default\">\n<div class=\" bs-column col-sm-12 col-md-1   bs-column-b9d738473a055284b615b4f50be5a383dfe4cc38 bs-column---default     \"><div class=\"heateor_sss_sharing_container heateor_sss_horizontal_sharing\" data-heateor-ss-offset=\"0\" data-heateor-sss-href='https:\/\/swimlane.com\/fr\/open-source-threat-intelligence-cobalt-strike-attacks\/'><div class=\"heateor_sss_sharing_ul\"><a aria-label=\"Email\" class=\"heateor_sss_email\" href=\"https:\/\/swimlane.com\/fr\/open-source-threat-intelligence-cobalt-strike-attacks\/\" onclick=\"event.preventDefault();window.open('mailto:?subject=' + decodeURIComponent('How%20to%20Leverage%20Open%20Source%20Threat%20Intel%20Against%20Cobalt%20Strike%20Attacks').replace('&', '%26') + 
'&body=https%3A%2F%2Fswimlane.com%2Ffr%2Fopen-source-threat-intelligence-cobalt-strike-attacks%2F', '_blank')\" title=\"Email\" rel=\"noopener\" style=\"font-size:32px!important;box-shadow:none;display:inline-block;vertical-align:middle\"><span class=\"heateor_sss_svg\" style=\"background-color:#649a3f;width:35px;height:35px;border-radius:999px;display:inline-block;opacity:1;float:left;font-size:32px;box-shadow:none;display:inline-block;font-size:16px;padding:0 4px;vertical-align:middle;background-repeat:repeat;overflow:hidden;padding:0;cursor:pointer;box-sizing:content-box\"><svg style=\"display:block;border-radius:999px;\" focusable=\"false\" aria-hidden=\"true\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"100%\" height=\"100%\" viewBox=\"-.75 -.5 36 36\"><path d=\"M 5.5 11 h 23 v 1 l -11 6 l -11 -6 v -1 m 0 2 l 11 6 l 11 -6 v 11 h -22 v -11\" stroke-width=\"1\" fill=\"#fff\"><\/path><\/svg><\/span><\/a><a aria-label=\"Twitter\" class=\"heateor_sss_button_twitter\" href=\"https:\/\/twitter.com\/intent\/tweet?text=Leveraging%20Open%20Source%20Threat%20Intel%20Against%20Cobalt%20Strike%20Attacks&url=https%3A%2F%2Fswimlane.com%2Ffr%2Fopen-source-threat-intelligence-cobalt-strike-attacks%2F\" title=\"Twitter\" rel=\"nofollow noopener\" target=\"_blank\" style=\"font-size:32px!important;box-shadow:none;display:inline-block;vertical-align:middle\"><span class=\"heateor_sss_svg heateor_sss_s__default heateor_sss_s_twitter\" style=\"background-color:#55acee;width:35px;height:35px;border-radius:999px;display:inline-block;opacity:1;float:left;font-size:32px;box-shadow:none;display:inline-block;font-size:16px;padding:0 4px;vertical-align:middle;background-repeat:repeat;overflow:hidden;padding:0;cursor:pointer;box-sizing:content-box\"><svg style=\"display:block;border-radius:999px;\" focusable=\"false\" aria-hidden=\"true\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"100%\" height=\"100%\" viewBox=\"-4 -4 39 39\"><path d=\"M28 8.557a9.913 9.913 0 0 1-2.828.775 4.93 
4.93 0 0 0 2.166-2.725 9.738 9.738 0 0 1-3.13 1.194 4.92 4.92 0 0 0-3.593-1.55 4.924 4.924 0 0 0-4.794 6.049c-4.09-.21-7.72-2.17-10.15-5.15a4.942 4.942 0 0 0-.665 2.477c0 1.71.87 3.214 2.19 4.1a4.968 4.968 0 0 1-2.23-.616v.06c0 2.39 1.7 4.38 3.952 4.83-.414.115-.85.174-1.297.174-.318 0-.626-.03-.928-.086a4.935 4.935 0 0 0 4.6 3.42 9.893 9.893 0 0 1-6.114 2.107c-.398 0-.79-.023-1.175-.068a13.953 13.953 0 0 0 7.55 2.213c9.056 0 14.01-7.507 14.01-14.013 0-.213-.005-.426-.015-.637.96-.695 1.795-1.56 2.455-2.55z\" fill=\"#fff\"><\/path><\/svg><\/span><\/a><a aria-label=\"Facebook\" class=\"heateor_sss_facebook\" href=\"https:\/\/www.facebook.com\/sharer\/sharer.php?u=https%3A%2F%2Fswimlane.com%2Ffr%2Fopen-source-threat-intelligence-cobalt-strike-attacks%2F\" title=\"Facebook\" rel=\"nofollow noopener\" target=\"_blank\" style=\"font-size:32px!important;box-shadow:none;display:inline-block;vertical-align:middle\"><span class=\"heateor_sss_svg\" style=\"background-color:#0765FE;width:35px;height:35px;border-radius:999px;display:inline-block;opacity:1;float:left;font-size:32px;box-shadow:none;display:inline-block;font-size:16px;padding:0 4px;vertical-align:middle;background-repeat:repeat;overflow:hidden;padding:0;cursor:pointer;box-sizing:content-box\"><svg style=\"display:block;border-radius:999px;\" focusable=\"false\" aria-hidden=\"true\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"100%\" height=\"100%\" viewBox=\"0 0 32 32\"><path fill=\"#fff\" d=\"M28 16c0-6.627-5.373-12-12-12S4 9.373 4 16c0 5.628 3.875 10.35 9.101 11.647v-7.98h-2.474V16H13.1v-1.58c0-4.085 1.849-5.978 5.859-5.978.76 0 2.072.15 2.608.298v3.325c-.283-.03-.775-.045-1.386-.045-1.967 0-2.728.745-2.728 2.683V16h3.92l-.673 3.667h-3.247v8.245C23.395 27.195 28 22.135 28 16Z\"><\/path><\/svg><\/span><\/a><a aria-label=\"Linkedin\" class=\"heateor_sss_button_linkedin\" 
href=\"https:\/\/www.linkedin.com\/sharing\/share-offsite\/?url=https%3A%2F%2Fswimlane.com%2Ffr%2Fopen-source-threat-intelligence-cobalt-strike-attacks%2F\" title=\"Linkedin\" rel=\"nofollow noopener\" target=\"_blank\" style=\"font-size:32px!important;box-shadow:none;display:inline-block;vertical-align:middle\"><span class=\"heateor_sss_svg heateor_sss_s__default heateor_sss_s_linkedin\" style=\"background-color:#0077b5;width:35px;height:35px;border-radius:999px;display:inline-block;opacity:1;float:left;font-size:32px;box-shadow:none;display:inline-block;font-size:16px;padding:0 4px;vertical-align:middle;background-repeat:repeat;overflow:hidden;padding:0;cursor:pointer;box-sizing:content-box\"><svg style=\"display:block;border-radius:999px;\" focusable=\"false\" aria-hidden=\"true\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"100%\" height=\"100%\" viewBox=\"0 0 32 32\"><path d=\"M6.227 12.61h4.19v13.48h-4.19V12.61zm2.095-6.7a2.43 2.43 0 0 1 0 4.86c-1.344 0-2.428-1.09-2.428-2.43s1.084-2.43 2.428-2.43m4.72 6.7h4.02v1.84h.058c.56-1.058 1.927-2.176 3.965-2.176 4.238 0 5.02 2.792 5.02 6.42v7.395h-4.183v-6.56c0-1.564-.03-3.574-2.178-3.574-2.18 0-2.514 1.7-2.514 3.46v6.668h-4.187V12.61z\" fill=\"#fff\"><\/path><\/svg><\/span><\/a><\/div><div class=\"heateorSssClear\"><\/div><\/div>\n<\/div>\n\n\n\n<div class=\" bs-column col-sm-12  col-lg-8 col-md-11   bs-column-5fcbee853797bef68c609dd2715f511e3ead78a3 bs-column---default bs-column--contents     \">\n<h4 class=\"wp-block-heading\"><em>A step-by-step guide on how to use open source data to automate threat intelligence enrichment and IoC lookup processes.<\/em><\/h4>\n\n\n\n<h3 class=\"wp-block-heading\">What is Cobalt Strike?<\/h3>\n\n\n\n<p>Cobalt Strike is a popular penetration testing tool used by cybersecurity professionals to simulate attacks on networks and systems. 
It provides a wide range of features such as command and control, payload generation, and post-exploitation modules, making it a versatile tool for both offensive and defensive security purposes.<\/p>\n\n\n\n<p>However, as with any powerful tool, it can also be misused by malicious actors for conducting real-world attacks. This is where Threat Intelligence comes into play.&nbsp;<\/p>\n\n\n\n<p>One such Threat Intelligence source is the C2IntelFeeds repository hosted on GitHub, which is a collection of open-source feeds that provide data on Cobalt Strike and other Command and Control (C2) servers. By leveraging this repository, analysts can proactively identify malicious IP addresses, bad domains, and other indicators of compromise that may be associated with Cobalt Strike attacks.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">How to Easily Enrich Cobalt Strike Data with Turbine<\/h2>\n\n\n\n<p>We\u2019re going to use our built-in <a href=\"https:\/\/marketplace.swimlane.com\/details\/Swimlane\/swimlane_http\/1.2.0\">HTTP connector<\/a> to gather the data from the URLs below, since it gives us the flexibility of not writing any code. 
The HTTP connector can be used like Postman where you can use GET, POST, DELETE, PUT and PATCH.&nbsp; We can use all different kinds of authentication such as OAuth, Basic, None, Bearer Token, Header, and some other things like Scopes.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Step 1: Get the Data.<\/h2>\n\n\n\n<p>Gather the URLs for each feed:<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">https:\/\/raw.githubusercontent.com\/drb-ra\/C2IntelFeeds\/master\/feeds\/domainC2s-30day-filter-abused.csv\nhttps:\/\/raw.githubusercontent.com\/drb-ra\/C2IntelFeeds\/master\/feeds\/domainC2s-30day.csv\nhttps:\/\/raw.githubusercontent.com\/drb-ra\/C2IntelFeeds\/master\/feeds\/domainC2s-filter-abused.csv\nhttps:\/\/raw.githubusercontent.com\/drb-ra\/C2IntelFeeds\/master\/feeds\/domainC2s.csv\nhttps:\/\/raw.githubusercontent.com\/drb-ra\/C2IntelFeeds\/master\/feeds\/domainC2swithURL-30day-filter-abused.csv\nhttps:\/\/raw.githubusercontent.com\/drb-ra\/C2IntelFeeds\/master\/feeds\/domainC2swithURL-30day.csv\nhttps:\/\/raw.githubusercontent.com\/drb-ra\/C2IntelFeeds\/master\/feeds\/domainC2swithURL-filter-abused.csv\nhttps:\/\/raw.githubusercontent.com\/drb-ra\/C2IntelFeeds\/master\/feeds\/domainC2swithURL.csv\nhttps:\/\/raw.githubusercontent.com\/drb-ra\/C2IntelFeeds\/master\/feeds\/domainC2swithURLwithIP-30day-filter-abused.csv\nhttps:\/\/raw.githubusercontent.com\/drb-ra\/C2IntelFeeds\/master\/feeds\/domainC2swithURLwithIP-30day.csv\nhttps:\/\/raw.githubusercontent.com\/drb-ra\/C2IntelFeeds\/master\/feeds\/domainC2swithURLwithIP-filter-abused.csv\nhttps:\/\/raw.githubusercontent.com\/drb-ra\/C2IntelFeeds\/master\/feeds\/domainC2swithURLwithIP.csv\n<\/pre>\n\n\n\n<p>Then, break down the URLs above to make it more automation friendly:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>URL =<\/strong> <a href=\"https:\/\/raw.githubusercontent.com\">https:\/\/raw.githubusercontent.com<\/a><\/li>\n\n\n\n<li><strong>EndPoint =<\/strong> 
\/drb-ra\/C2IntelFeeds\/master\/feeds<\/li>\n\n\n\n<li>Then, each file:\n<ul class=\"wp-block-list\">\n<li>&#8220;domainC2s-filter-abused.csv&#8221;,<\/li>\n\n\n\n<li>&#8220;domainC2s.csv&#8221;,<\/li>\n\n\n\n<li>&#8220;domainC2swithURL-30day-filter-abused.csv&#8221;,<\/li>\n\n\n\n<li>&#8220;domainC2swithURL-30day.csv&#8221;,<\/li>\n\n\n\n<li>&#8220;domainC2swithURL-filter-abused.csv&#8221;,<\/li>\n\n\n\n<li>&#8220;domainC2swithURL.csv&#8221;,<\/li>\n\n\n\n<li>&#8220;domainC2swithURLwithIP-30day-filter-abused.csv&#8221;,<\/li>\n\n\n\n<li>&#8220;domainC2swithURLwithIP-30day.csv&#8221;,<\/li>\n\n\n\n<li>&#8220;domainC2swithURLwithIP-filter-abused.csv&#8221;,<\/li>\n\n\n\n<li>&#8220;domainC2swithURLwithIP.csv&#8221;<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">Step 2: Create a Playbook.<\/h2>\n\n\n\n<p>With the data gathered from Step 1, let\u2019s build a playbook in <a href=\"https:\/\/swimlane.com\/swimlane-turbine\/\">Swimlane Turbine<\/a>.<\/p>\n\n\n\n<p>The first playbook action will be to use the data transformation feature to pass in a list of the files from above, shown here:<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"529\" src=\"https:\/\/swimlane.com\/wp-content\/uploads\/swimlane-end-points-to-loop-over-1024x529.png\" alt=\"\" class=\"wp-image-29517\" srcset=\"https:\/\/swimlane.com\/wp-content\/uploads\/swimlane-end-points-to-loop-over-1024x529.png 1024w, https:\/\/swimlane.com\/wp-content\/uploads\/swimlane-end-points-to-loop-over-300x155.png 300w, https:\/\/swimlane.com\/wp-content\/uploads\/swimlane-end-points-to-loop-over-768x397.png 768w, https:\/\/swimlane.com\/wp-content\/uploads\/swimlane-end-points-to-loop-over-1536x794.png 1536w, https:\/\/swimlane.com\/wp-content\/uploads\/swimlane-end-points-to-loop-over.png 1600w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p><em>Tip<\/em>: We can add these items as a list and loop 
over each file with our magical HTTP connector in a sub-playbook. The sub-playbook loop has just one action, \u201cGet Data via HTTP\u201d, where we are passing in the \u201cURL\u201d, \u201cEndpoint\u201d and \u201cFilename\u201d.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"220\" src=\"https:\/\/swimlane.com\/wp-content\/uploads\/swimlane-get-data-via-http-1024x220.png\" alt=\"\" class=\"wp-image-29518\" srcset=\"https:\/\/swimlane.com\/wp-content\/uploads\/swimlane-get-data-via-http-1024x220.png 1024w, https:\/\/swimlane.com\/wp-content\/uploads\/swimlane-get-data-via-http-300x65.png 300w, https:\/\/swimlane.com\/wp-content\/uploads\/swimlane-get-data-via-http-768x165.png 768w, https:\/\/swimlane.com\/wp-content\/uploads\/swimlane-get-data-via-http-1536x330.png 1536w, https:\/\/swimlane.com\/wp-content\/uploads\/swimlane-get-data-via-http.png 1600w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"488\" src=\"https:\/\/swimlane.com\/wp-content\/uploads\/swimlane-get-data-via-http-action-inputs-1024x488.png\" alt=\"\" class=\"wp-image-29519\" srcset=\"https:\/\/swimlane.com\/wp-content\/uploads\/swimlane-get-data-via-http-action-inputs-1024x488.png 1024w, https:\/\/swimlane.com\/wp-content\/uploads\/swimlane-get-data-via-http-action-inputs-300x143.png 300w, https:\/\/swimlane.com\/wp-content\/uploads\/swimlane-get-data-via-http-action-inputs-768x366.png 768w, https:\/\/swimlane.com\/wp-content\/uploads\/swimlane-get-data-via-http-action-inputs-1536x732.png 1536w, https:\/\/swimlane.com\/wp-content\/uploads\/swimlane-get-data-via-http-action-inputs.png 1600w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p>Notice we are using playbook inputs to pass in the \u201cFilename\u201d from the parent playbook.<\/p>\n\n\n\n<p>Next, merge all the data into one 
\u201cstring\u201d so we can use a JSONata action to find the IoC faster.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"483\" src=\"https:\/\/swimlane.com\/wp-content\/uploads\/swimlane-jsonata-merge-action-inputs-1024x483.png\" alt=\"\" class=\"wp-image-29520\" srcset=\"https:\/\/swimlane.com\/wp-content\/uploads\/swimlane-jsonata-merge-action-inputs-1024x483.png 1024w, https:\/\/swimlane.com\/wp-content\/uploads\/swimlane-jsonata-merge-action-inputs-300x141.png 300w, https:\/\/swimlane.com\/wp-content\/uploads\/swimlane-jsonata-merge-action-inputs-768x362.png 768w, https:\/\/swimlane.com\/wp-content\/uploads\/swimlane-jsonata-merge-action-inputs-1536x724.png 1536w, https:\/\/swimlane.com\/wp-content\/uploads\/swimlane-jsonata-merge-action-inputs.png 1600w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p>Now, let\u2019s take apart that expression above: <code> \u201c$join(object.published.Get_Data_via_HTTP_result_response_text)\u201d <\/code><\/p>\n\n\n\n<p>The \u201c<a href=\"https:\/\/docs.jsonata.org\/string-functions#join\">join<\/a>\u201d syntax is from JSONata. We\u2019ll enrich all the data that returns for each file and combine them into a single string. Notice the <code>\u201cresponse_text\u201d<\/code> from above with the [.] 
notation and the JSON key below:<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"489\" src=\"https:\/\/swimlane.com\/wp-content\/uploads\/swimlane-action-merge-1024x489.png\" alt=\"\" class=\"wp-image-29521\" srcset=\"https:\/\/swimlane.com\/wp-content\/uploads\/swimlane-action-merge-1024x489.png 1024w, https:\/\/swimlane.com\/wp-content\/uploads\/swimlane-action-merge-300x143.png 300w, https:\/\/swimlane.com\/wp-content\/uploads\/swimlane-action-merge-768x367.png 768w, https:\/\/swimlane.com\/wp-content\/uploads\/swimlane-action-merge-1536x733.png 1536w, https:\/\/swimlane.com\/wp-content\/uploads\/swimlane-action-merge.png 1600w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p><br>Next, we need to look up a domain to see if it\u2019s in the <code>\u201cresponse_text\u201d<\/code> string. Because the lookup runs against one merged string, make sure a hit corresponds to a complete domain entry and not to part of a longer domain name.<\/p>\n\n\n\n<p>Did you know: you can save 9 minutes by using the \u201c<code>match<\/code>\u201d option in Turbine\u2019s data transformation builder feature, instead of looping over each item in the files? Doing so reduces the time to just 2 seconds to find the IoC. 
\ud83e\udd2f<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"243\" src=\"https:\/\/swimlane.com\/wp-content\/uploads\/swimlane-domain-check-1024x243.png\" alt=\"\" class=\"wp-image-29522\" srcset=\"https:\/\/swimlane.com\/wp-content\/uploads\/swimlane-domain-check-1024x243.png 1024w, https:\/\/swimlane.com\/wp-content\/uploads\/swimlane-domain-check-300x71.png 300w, https:\/\/swimlane.com\/wp-content\/uploads\/swimlane-domain-check-768x182.png 768w, https:\/\/swimlane.com\/wp-content\/uploads\/swimlane-domain-check-1536x364.png 1536w, https:\/\/swimlane.com\/wp-content\/uploads\/swimlane-domain-check.png 1600w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p>Now, we want to return <em>True<\/em> or <em>False<\/em> to our case management system. To do that, we\u2019re going to use JSONata \u201c<a href=\"https:\/\/docs.jsonata.org\/boolean-functions#boolean\"><code>boolean<\/code><\/a>\u201d. Keep in mind that <em>False<\/em> only means the domain was not found in the feed data that was actually retrieved; if one of the HTTP requests failed, treat the result as unknown rather than clean.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"278\" src=\"https:\/\/swimlane.com\/wp-content\/uploads\/swimlane-return-true-false-1024x278.png\" alt=\"\" class=\"wp-image-29523\" srcset=\"https:\/\/swimlane.com\/wp-content\/uploads\/swimlane-return-true-false-1024x278.png 1024w, https:\/\/swimlane.com\/wp-content\/uploads\/swimlane-return-true-false-300x81.png 300w, https:\/\/swimlane.com\/wp-content\/uploads\/swimlane-return-true-false-768x208.png 768w, https:\/\/swimlane.com\/wp-content\/uploads\/swimlane-return-true-false-1536x417.png 1536w, https:\/\/swimlane.com\/wp-content\/uploads\/swimlane-return-true-false.png 1600w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p><br>Once we have <em>True<\/em> or <em>False<\/em>, we also process it through our threat enrichment playbook that feeds the case management.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img 
loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"457\" src=\"https:\/\/swimlane.com\/wp-content\/uploads\/swimlane-research-threat-intel-observables-1024x457.png\" alt=\"\" class=\"wp-image-29524\" srcset=\"https:\/\/swimlane.com\/wp-content\/uploads\/swimlane-research-threat-intel-observables-1024x457.png 1024w, https:\/\/swimlane.com\/wp-content\/uploads\/swimlane-research-threat-intel-observables-300x134.png 300w, https:\/\/swimlane.com\/wp-content\/uploads\/swimlane-research-threat-intel-observables-768x343.png 768w, https:\/\/swimlane.com\/wp-content\/uploads\/swimlane-research-threat-intel-observables-1536x685.png 1536w, https:\/\/swimlane.com\/wp-content\/uploads\/swimlane-research-threat-intel-observables.png 1600w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p>And there you have it. Cobalt Strike is a powerful tool used by both security professionals and malicious actors. However, by leveraging open-source threat intelligence sources such as C2IntelFeeds and automating the detection and remediation process using Turbine, organizations can better protect themselves against advanced cyber threats and improve their overall security posture.&nbsp;<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Why You Should Automate Threat Intelligence Enrichment<\/h3>\n\n\n\n<p>Threat intelligence feeds are an essential tool for organizations looking to proactively identify and mitigate potential cyber threats. By leveraging these feeds, security teams can gather critical data on malicious IP addresses, bad domains and other indicators of compromise, enabling them to quickly detect and respond to potential threats.<\/p>\n\n\n\n<p>The Swimlane Turbine <a href=\"https:\/\/swimlane.com\/blog\/security-automation\/\">security automation<\/a> platform enables organizations to streamline their security workflows by integrating with various threat intelligence feeds, including C2IntelFeeds, and other security tools. 
This allows security teams to automatically collect and analyze data from multiple sources, enabling them to quickly identify and remediate potential threats, regardless of their origin.<\/p>\n\n\n\n<p>Whether it&#8217;s Cobalt Strike or other sophisticated attack vectors, leveraging <a href=\"https:\/\/swimlane.com\/blog\/cyber-threat-intelligence\/\">threat intelligence<\/a> feeds with Swimlane&#8217;s automation capabilities can help organizations better protect themselves against advanced cyber threats. By taking a proactive approach to security and automating their incident response processes, organizations can reduce response times and improve their overall security posture, ultimately ensuring the safety of their data, systems and users.<\/p>\n\n\n\n<div class=\"bs-div bs-div-335064c410a7661e7b72fe222623f791df38d669 bs-div---default bs-div--blog-inner-download-guide\"><style>.bs-div.bs-div-335064c410a7661e7b72fe222623f791df38d669 {background-image: url(https:\/\/swimlane.com\/wp-content\/uploads\/2022\/10\/download-report.png); background-position: center center;\n    background-size: cover;} <\/style><div class=\"bs-div__inner d-flex flex-wrap justify-content-center  flex-md-row-reverse align-items-md-center justify-content-md-between flex-md-nowrap  \"><div class='media-elements bs-media-element---default enable'>    <div class='bs-common-image'>\n                            <figure class='figure justify-content-start d-flex'>\n                            <picture>\n                            \n                            <img src='https:\/\/swimlane.com\/wp-content\/uploads\/ROIReport-2.jpg' class='img-fluid'   alt='roi report swimlane security automation' title=''  \/>\n                            <\/picture>\n                                \n                            <\/figure>\n                        <\/div><\/div>\n\n\n<div class=\"bs-div bs-div-2aebcd1b2c11849d7c87d8462be32842b8c42b50 bs-div---default\"><div class=\"bs-div__inner     \">\n<h3 
class=\"wp-block-heading\" id=\"h-roi-report-of-swimlane-turbine\">ROI Report of Swimlane Turbine<\/h3>\n\n\n\n<p>To help companies evaluate the potential financial impact of the potential investment, TAG Cyber conducted an extensive study on the Swimlane Security Automation Solution. This independent study reveals 240% ROI for the Swimlane Turbine security automation platform.<\/p>\n\n\n\n<span class=\"bs-pro-button bs-pro-button---default bs-pro-button--primary-with-arrow-small bs-pro-button-p-btn-e3e562e38f728c53b181d99a72f8a9abbb34a6c6\"><style>.bs-pro-button-p-btn-e3e562e38f728c53b181d99a72f8a9abbb34a6c6 .bs-pro-button__container {background-color: #abb8c3; color: #000000;}<\/style><a href=\"https:\/\/swimlane.com\/resources\/reports\/roi-report\/\" target=\"\" rel=\"noopener noreferrer\" class=\"bs-pro-button__container\">Download<\/a><\/span>\n<\/div><\/div>\n<\/div><\/div>\n<\/div>\n\n\n\n<div class=\" bs-column col-sm-12  col-md-12 col-lg-3   bs-column-4ffac197d945e44dadadc9d8f52ba4737135ba21 bs-column---default     \">\n\n\n<div class=\"bs-div bs-div-69c461f15bb5fa3fc09d1aa73a0e5865005218ff bs-div---default bs-div--related-posts\"><div class=\"bs-div__inner     \">\n<h2 class=\"wp-block-heading\" id=\"h-related-posts\">Related Posts<\/h2>\n\n\n\n<div class=\"bs-related-posts bs-related-posts-block---default\"><div class=\"bs-related-posts__container\"><div class=\"bs-related-posts__items\">\n<div class=\" bs-column col-sm-4   bs-column-4bb8c1b66cb5e72c43988fbaf017046daf38fc18 bs-column---default     \">\t\t\t\t\t<div class=\"bs-post bs-post-69ded5468ccab bs-single-post---default enable\" >\n\t\t\t<a class=\"bs-post__trigger\" href='https:\/\/swimlane.com\/fr\/blog\/what-is-soar\/' target='_self'>\t\t\t<div class=\"bs-post__inner\">\n\t\t\t\t<div class=\"bs-post__details\">    <div class=\"bs-post__date\">\n        <span>Juil 2, 2025<\/span>\n    <\/div>\n    <div class=\"bs-post__title\">\n        <h5>What is SOAR? 
A Complete Guide to SOAR Platforms<\/h5>\n    <\/div>\n<div class=\"bs-post__learn-more\">\n    <span class='btn learn-more-text bs-post__learn-more-text'>Read More<\/span><\/div>\n<\/div>\t\t\t<\/div>\n\t\t\t<\/a>\t\t<\/div>\n\t<\/div>\n\n\n\n<div class=\" bs-column col-sm-4   bs-column-4bb8c1b66cb5e72c43988fbaf017046daf38fc18 bs-column---default     \">\t\t\t\t\t<div class=\"bs-post bs-post-69ded5468df2f bs-single-post---default enable\" >\n\t\t\t<a class=\"bs-post__trigger\" href='https:\/\/swimlane.com\/fr\/blog\/state-of-soar-2019\/' target='_self'>\t\t\t<div class=\"bs-post__inner\">\n\t\t\t\t<div class=\"bs-post__details\">    <div class=\"bs-post__date\">\n        <span>D\u00e9c 10, 2019<\/span>\n    <\/div>\n    <div class=\"bs-post__title\">\n        <h5>The State of SOAR 2019: How using SOAR tools makes life easier<\/h5>\n    <\/div>\n<div class=\"bs-post__learn-more\">\n    <span class='btn learn-more-text bs-post__learn-more-text'>Read More<\/span><\/div>\n<\/div>\t\t\t<\/div>\n\t\t\t<\/a>\t\t<\/div>\n\t<\/div>\n\n\n\n<div class=\" bs-column col-sm-4   bs-column-4bb8c1b66cb5e72c43988fbaf017046daf38fc18 bs-column---default     \">\t\t\t\t\t<div class=\"bs-post bs-post-69ded5468ee3c bs-single-post---default enable\" >\n\t\t\t<a class=\"bs-post__trigger\" href='https:\/\/swimlane.com\/fr\/blog\/key-takeaways-from-gartners-2020-market-guide-for-soar-solutions\/' target='_self'>\t\t\t<div class=\"bs-post__inner\">\n\t\t\t\t<div class=\"bs-post__details\">    <div class=\"bs-post__date\">\n        <span>Sep 23, 2020<\/span>\n    <\/div>\n    <div class=\"bs-post__title\">\n        <h5>Key Takeaways for SOAR Solutions<\/h5>\n    <\/div>\n<div class=\"bs-post__learn-more\">\n    <span class='btn learn-more-text bs-post__learn-more-text'>Read More<\/span><\/div>\n<\/div>\t\t\t<\/div>\n\t\t\t<\/a>\t\t<\/div>\n\t<\/div>\n<\/div><\/div><\/div>\n<\/div><\/div>\n\n\n<\/div>\n<\/div>\n<\/div><\/section>\n\n\n\n<section class=\"bs-section 
bs-section-2a4a600ae9ab197b6a4ccafe05152bf1a2fde1d1 bs-section---default bs-section--newsletter bs-section--common-marketo-form bs-section--common-marketo-form-two-columns  \"><style>.bs-section.bs-section-2a4a600ae9ab197b6a4ccafe05152bf1a2fde1d1{ background-color: #000743;} <\/style><div class=\"container-fluid\">\n<div class=\"bs-row row   bs-row---default\">\n<div class=\" bs-column col-sm-0 col-md-0 col-lg-6   bs-column-df5e10bef85c15055718b4d93887855962017939 bs-column---default     \">\n<h2 class=\"wp-block-heading has-white-color has-text-color\" id=\"requestor\">Request a Live Demo<\/h2>\n<\/div>\n\n\n\n<div class=\" bs-column col-sm-0 col-md-0 col-lg-6   bs-column-df5e10bef85c15055718b4d93887855962017939 bs-column---default     \"><div class='media-elements bs-media-element---default enable'>    <div class='bs-common-image'>\n                            <figure class='figure justify-content-start d-flex'>\n                            <picture>\n                            \n                            <img src='https:\/\/swimlane.com\/wp-content\/uploads\/liitp.svg' class='img-fluid'   alt='' title=''  \/>\n                            <\/picture>\n                                \n                            <\/figure>\n                        <\/div><\/div>\n\n<script src=\"\/\/pages.swimlane.com\/js\/forms2\/js\/forms2.min.js\"><\/script>\n<form id=\"mktoForm_1017\"><\/form>\n<script>\n    var embeddedFormId = '05a6905d0187a23e165b2fd995e965fe15cb94f6';\n    var marketoBaseUrl = '\/\/pages.swimlane.com';\n    var munchkinId = '978-QCM-390';\n    var formId = '1017';\n    var responseType = 'redirect';\n    var responseMessage = 'Thank you!';\n    var redirectURL = '';\n    var downloadFileURL = '';\n    var linkOpenType = '_self';\n    var popupVideo = 'url';\n    var popupVideoURL = '';\n    var popupVideoUploadURL = '';\n    MktoForms2.loadForm(marketoBaseUrl, munchkinId, formId, function(form) {\n        form.onSuccess(function(values, followUpUrl) 
{\n            document.getElementById(\"int_mktoForm_\" + formId).innerHTML = responseMessage;\n                    });\n    });\n<\/script>\n<div class=\"form-submit-note\" id=\"int_mktoForm_1017\"><\/div>\n<!-- Incluing form response options -->\n\n\n\n<script>\n    (function() {\n        \/\/ Please include the email domains you would like to block in this list\n        var invalidDomains = [\"@gmail.\", \"@yahoo.\", \"@hotmail.\", \"@live.\", \"@icloud.\",\"@aol.\", \"@outlook.\", \"@proton.\", \"@mailinator.\"];\n\n\n        MktoForms2.whenReady(function(form) {\n            form.onValidate(function() {\n                var email = form.vals().Email;\n                if (email) {\n                    if (!isEmailGood(email)) {\n                        form.submitable(false);\n                        var emailElem = form.getFormElem().find(\"#Email\");\n                        form.showErrorMessage(\"Must be Business email.\", emailElem);\n                    } else {\n                        form.submitable(true);\n                    }\n                }\n            });\n        });\n\n        function isEmailGood(email) {\n            for (var i = 0; i < invalidDomains.length; i++) {\n                var domain = invalidDomains[i];\n                if (email.indexOf(domain) != -1) {\n                    return false;\n                }\n            }\n            return true;\n        }\n\n\n    })(); 
\n<\/script>\n<\/div>\n<\/div>\n<\/div><\/section>\n","protected":false},"excerpt":{"rendered":"","protected":false},"author":5,"featured_media":29512,"template":"","meta":{"_acf_changed":false,"show_custom_date":false,"custom_date":"2023-03-09T00:24:51.576Z","featured":false,"featured_image":29512,"learn_more_label":"","image_alt_text":"","learn_more_type":"","learn_more_link":[],"show_popup":false,"disable_iframe":false,"enable_lazy_loading":false,"learn_more_link_file":0,"event_date":false,"event_start_date":"","event_end_date":"","featured_page_list":[442],"_relevanssi_hide_post":"","_relevanssi_hide_content":"","_relevanssi_pin_for_all":"","_relevanssi_pin_keywords":"","_relevanssi_unpin_keywords":"","_relevanssi_related_keywords":"","_relevanssi_related_include_ids":"","_relevanssi_related_exclude_ids":"","_relevanssi_related_no_append":"","_relevanssi_related_not_related":"","_relevanssi_related_posts":"","_relevanssi_noindex_reason":"","inline_featured_image":false,"footnotes":""},"tags":[],"resource-type":[67],"resource-topic":[],"resource-industry":[],"blog-category":[76,77,69,72],"class_list":["post-29509","sw_resource","type-sw_resource","status-publish","has-post-thumbnail","hentry","resource-type-blogs","blog-category-learn","blog-category-platform","blog-category-use-cases","blog-category-tips-tricks"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v22.5 (Yoast SEO v27.1.1) - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ -->\n<title>Leveraging Open Source Threat Intel Against Cobalt Strike Attacks<\/title>\n<meta name=\"description\" content=\"A step-by-step guide to how to use open source data to automate threat intelligence enrichment and IoC lookup processes.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" 
href=\"https:\/\/swimlane.com\/fr\/renseignements-sur-les-menaces-en-sources-ouvertes-attaques-cobalt\/\" \/>\n<meta property=\"og:locale\" content=\"fr_FR\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Leveraging Open Source Threat Intel Against Cobalt Strike Attacks\" \/>\n<meta property=\"og:description\" content=\"A step-by-step guide on how to use open source data to automate threat intelligence enrichment and IoC lookup processes.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/swimlane.com\/fr\/renseignements-sur-les-menaces-en-sources-ouvertes-attaques-cobalt\/\" \/>\n<meta property=\"og:site_name\" content=\"AI Security Automation\" \/>\n<meta property=\"article:modified_time\" content=\"2024-07-01T17:32:05+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/swimlane.com\/wp-content\/uploads\/OSTI.png\" \/>\n\t<meta property=\"og:image:width\" content=\"1200\" \/>\n\t<meta property=\"og:image:height\" content=\"628\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:title\" content=\"Leveraging Open Source Threat Intel Against Cobalt Strike Attacks\" \/>\n<meta name=\"twitter:description\" content=\"A step-by-step guide on how to use open source data to automate threat intelligence enrichment and IoC lookup processes.\" \/>\n<meta name=\"twitter:image\" content=\"https:\/\/swimlane.com\/wp-content\/uploads\/OSTI.png\" \/>\n<meta name=\"twitter:site\" content=\"@swimlane\" \/>\n<meta name=\"twitter:label1\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"6 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/swimlane.com\/fr\/open-source-threat-intelligence-cobalt-strike-attacks\/\",\"url\":\"https:\/\/swimlane.com\/fr\/open-source-threat-intelligence-cobalt-strike-attacks\/\",\"name\":\"Leveraging Open Source Threat Intel Against Cobalt Strike Attacks\",\"isPartOf\":{\"@id\":\"https:\/\/swimlane.com\/fr\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/swimlane.com\/fr\/open-source-threat-intelligence-cobalt-strike-attacks\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/swimlane.com\/fr\/open-source-threat-intelligence-cobalt-strike-attacks\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/swimlane.com\/wp-content\/uploads\/OSTI-1.png\",\"datePublished\":\"2023-04-06T22:29:23+00:00\",\"dateModified\":\"2024-07-01T17:32:05+00:00\",\"description\":\"A step-by-step guide to how to use open source data to automate threat intelligence enrichment and IoC lookup processes.\",\"breadcrumb\":{\"@id\":\"https:\/\/swimlane.com\/fr\/open-source-threat-intelligence-cobalt-strike-attacks\/#breadcrumb\"},\"inLanguage\":\"fr-FR\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/swimlane.com\/fr\/open-source-threat-intelligence-cobalt-strike-attacks\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"fr-FR\",\"@id\":\"https:\/\/swimlane.com\/fr\/open-source-threat-intelligence-cobalt-strike-attacks\/#primaryimage\",\"url\":\"https:\/\/swimlane.com\/wp-content\/uploads\/OSTI-1.png\",\"contentUrl\":\"https:\/\/swimlane.com\/wp-content\/uploads\/OSTI-1.png\",\"width\":1120,\"height\":666,\"caption\":\"Leverage Open Source Threat Intelligence Against Cobalt Strike 
Attacks\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/swimlane.com\/fr\/open-source-threat-intelligence-cobalt-strike-attacks\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/swimlane.com\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"How to Leverage Open Source Threat Intel Against Cobalt Strike Attacks\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/swimlane.com\/fr\/#website\",\"url\":\"https:\/\/swimlane.com\/fr\/\",\"name\":\"Low-Code Security Automation & SOAR Platform | Swimlane\",\"description\":\"Agentic AI automation for every security function\",\"publisher\":{\"@id\":\"https:\/\/swimlane.com\/fr\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/swimlane.com\/fr\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"fr-FR\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/swimlane.com\/fr\/#organization\",\"name\":\"Low-Code Security Automation & SOAR Platform | Swimlane\",\"url\":\"https:\/\/swimlane.com\/fr\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"fr-FR\",\"@id\":\"https:\/\/swimlane.com\/fr\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/swimlane.com\/wp-content\/uploads\/sw-inline-logo-color-white.svg\",\"contentUrl\":\"https:\/\/swimlane.com\/wp-content\/uploads\/sw-inline-logo-color-white.svg\",\"width\":912,\"height\":190,\"caption\":\"Low-Code Security Automation & SOAR Platform | Swimlane\"},\"image\":{\"@id\":\"https:\/\/swimlane.com\/fr\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/x.com\/swimlane\",\"https:\/\/www.linkedin.com\/company\/swimlane\/\"]}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. 
-->","yoast_head_json":{"title":"Exploiter les renseignements sur les menaces en sources ouvertes contre les attaques Cobalt Strike","description":"Un guide \u00e9tape par \u00e9tape sur l&#039;utilisation des donn\u00e9es open source pour automatiser l&#039;enrichissement des renseignements sur les menaces et les processus de recherche d&#039;indicateurs de compromission (IoC).","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/swimlane.com\/fr\/renseignements-sur-les-menaces-en-sources-ouvertes-attaques-cobalt\/","og_locale":"fr_FR","og_type":"article","og_title":"Leveraging Open Source Threat Intel Against Cobalt Strike Attacks","og_description":"A step-by-step guide on how to use open source data to automate threat intelligence enrichment and IoC lookup processes.","og_url":"https:\/\/swimlane.com\/fr\/renseignements-sur-les-menaces-en-sources-ouvertes-attaques-cobalt\/","og_site_name":"AI Security Automation","article_modified_time":"2024-07-01T17:32:05+00:00","og_image":[{"width":1200,"height":628,"url":"https:\/\/swimlane.com\/wp-content\/uploads\/OSTI.png","type":"image\/png"}],"twitter_card":"summary_large_image","twitter_title":"Leveraging Open Source Threat Intel Against Cobalt Strike Attacks","twitter_description":"A step-by-step guide on how to use open source data to automate threat intelligence enrichment and IoC lookup processes.","twitter_image":"https:\/\/swimlane.com\/wp-content\/uploads\/OSTI.png","twitter_site":"@swimlane","twitter_misc":{"Est. 
reading time":"6 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/swimlane.com\/fr\/open-source-threat-intelligence-cobalt-strike-attacks\/","url":"https:\/\/swimlane.com\/fr\/open-source-threat-intelligence-cobalt-strike-attacks\/","name":"Exploiter les renseignements sur les menaces en sources ouvertes contre les attaques Cobalt Strike","isPartOf":{"@id":"https:\/\/swimlane.com\/fr\/#website"},"primaryImageOfPage":{"@id":"https:\/\/swimlane.com\/fr\/open-source-threat-intelligence-cobalt-strike-attacks\/#primaryimage"},"image":{"@id":"https:\/\/swimlane.com\/fr\/open-source-threat-intelligence-cobalt-strike-attacks\/#primaryimage"},"thumbnailUrl":"https:\/\/swimlane.com\/wp-content\/uploads\/OSTI-1.png","datePublished":"2023-04-06T22:29:23+00:00","dateModified":"2024-07-01T17:32:05+00:00","description":"Un guide \u00e9tape par \u00e9tape sur l&#039;utilisation des donn\u00e9es open source pour automatiser l&#039;enrichissement des renseignements sur les menaces et les processus de recherche d&#039;indicateurs de compromission (IoC).","breadcrumb":{"@id":"https:\/\/swimlane.com\/fr\/open-source-threat-intelligence-cobalt-strike-attacks\/#breadcrumb"},"inLanguage":"fr-FR","potentialAction":[{"@type":"ReadAction","target":["https:\/\/swimlane.com\/fr\/open-source-threat-intelligence-cobalt-strike-attacks\/"]}]},{"@type":"ImageObject","inLanguage":"fr-FR","@id":"https:\/\/swimlane.com\/fr\/open-source-threat-intelligence-cobalt-strike-attacks\/#primaryimage","url":"https:\/\/swimlane.com\/wp-content\/uploads\/OSTI-1.png","contentUrl":"https:\/\/swimlane.com\/wp-content\/uploads\/OSTI-1.png","width":1120,"height":666,"caption":"Leverage Open Source Threat Intelligence Against Cobalt Strike 
Attacks"},{"@type":"BreadcrumbList","@id":"https:\/\/swimlane.com\/fr\/open-source-threat-intelligence-cobalt-strike-attacks\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/swimlane.com\/"},{"@type":"ListItem","position":2,"name":"How to Leverage Open Source Threat Intel Against Cobalt Strike Attacks"}]},{"@type":"WebSite","@id":"https:\/\/swimlane.com\/fr\/#website","url":"https:\/\/swimlane.com\/fr\/","name":"Plateforme d&#039;automatisation de la s\u00e9curit\u00e9 low-code et SOAR | Swimlane","description":"Automatisation par IA agentique pour chaque fonction de s\u00e9curit\u00e9","publisher":{"@id":"https:\/\/swimlane.com\/fr\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/swimlane.com\/fr\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"fr-FR"},{"@type":"Organization","@id":"https:\/\/swimlane.com\/fr\/#organization","name":"Plateforme d&#039;automatisation de la s\u00e9curit\u00e9 low-code et SOAR | Swimlane","url":"https:\/\/swimlane.com\/fr\/","logo":{"@type":"ImageObject","inLanguage":"fr-FR","@id":"https:\/\/swimlane.com\/fr\/#\/schema\/logo\/image\/","url":"https:\/\/swimlane.com\/wp-content\/uploads\/sw-inline-logo-color-white.svg","contentUrl":"https:\/\/swimlane.com\/wp-content\/uploads\/sw-inline-logo-color-white.svg","width":912,"height":190,"caption":"Low-Code Security Automation & SOAR Platform | 
Swimlane"},"image":{"@id":"https:\/\/swimlane.com\/fr\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/swimlane","https:\/\/www.linkedin.com\/company\/swimlane\/"]}]}},"publishpress_future_workflow_manual_trigger":{"enabledWorkflows":[]},"_links":{"self":[{"href":"https:\/\/swimlane.com\/fr\/wp-json\/wp\/v2\/sw_resource\/29509","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/swimlane.com\/fr\/wp-json\/wp\/v2\/sw_resource"}],"about":[{"href":"https:\/\/swimlane.com\/fr\/wp-json\/wp\/v2\/types\/sw_resource"}],"author":[{"embeddable":true,"href":"https:\/\/swimlane.com\/fr\/wp-json\/wp\/v2\/users\/5"}],"version-history":[{"count":0,"href":"https:\/\/swimlane.com\/fr\/wp-json\/wp\/v2\/sw_resource\/29509\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/swimlane.com\/fr\/wp-json\/wp\/v2\/media\/29512"}],"wp:attachment":[{"href":"https:\/\/swimlane.com\/fr\/wp-json\/wp\/v2\/media?parent=29509"}],"wp:term":[{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/swimlane.com\/fr\/wp-json\/wp\/v2\/tags?post=29509"},{"taxonomy":"resource-type","embeddable":true,"href":"https:\/\/swimlane.com\/fr\/wp-json\/wp\/v2\/resource-type?post=29509"},{"taxonomy":"resource-topic","embeddable":true,"href":"https:\/\/swimlane.com\/fr\/wp-json\/wp\/v2\/resource-topic?post=29509"},{"taxonomy":"resource-industry","embeddable":true,"href":"https:\/\/swimlane.com\/fr\/wp-json\/wp\/v2\/resource-industry?post=29509"},{"taxonomy":"blog-category","embeddable":true,"href":"https:\/\/swimlane.com\/fr\/wp-json\/wp\/v2\/blog-category?post=29509"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}