Collection And Analysis Of Telemetry For The Cyote Heuristic

Abstract

CATCH CLI focuses on gathering telemetry data, storing it in the Neo4j database, querying for MITRE ATT&CK patterns, and creating STIX 2.1 reports.

Key Components:
- Analysis Modules: analyze data to detect attack patterns.
- GoSTOTS Collection Engines: collect telemetry data.
These tools can be used together or individually. Analysis modules rely on data from specific engines to identify attack patterns.

Source Code Organization:
- Engines: CATCH/catch/cmd/collection
- Modules: CATCH/catch/cmd/analysis

CGUI Overview
The CATCH Graphical User Interface (CGUI) offers a graphical shell for executing the CATCH CLI and allows easy editing of:
- Analysis Modules
- Database configurations
- Profiles (collection and device settings)

Neo4j Overview
Neo4j is a graph database that uses the Cypher query language and stores data as JSON. It integrates with STIX 2.1 data for:
- Data Submission: CATCH Collection Engines
- Data Querying: Analysis Modules
CATCH modifies STIX 2.1 data for submission to Neo4j and reverts it back during querying.

STIG Overview
Structured Threat Intelligence Graph (STIG) is a tool for creating, editing, querying, analyzing, and visualizing threat intelligence using STIX 2.1, with data stored in Neo4j.

Usage
Tools can be run:
- Manually (CLI): refer to the CATCH documentation
- User Interface: run ./cgui/CGUI or go run ./cgui/

Additional Information
- Logging System: detailed in the config documentation
- Further Documentation: available for CATCH and CGUI
Developers:
Madsen, Michael [1]; Brant, William [1]; Kearsley, Logan [1]; Galloway, Greer [1]; Bauer, Ethan [1]; Mocombe, Isaiah [1]; Peterson, Christopher [1]; Russell, Pierce
  1. Idaho National Laboratory (INL), Idaho Falls, ID (United States)
Release Date:
2024-12-11
Project Type:
Closed Source
Software Type:
Scientific
Programming Languages:
Go
Sponsoring Org.:
Code ID:
149869
Research Org.:
Idaho National Laboratory (INL), Idaho Falls, ID (United States)
Country of Origin:
United States
Keywords:
Cybersecurity telemetry data; Threat detection and analysis; MITRE ATT&CK framework; STIX 2.1 reporting; Neo4j database integration; Cypher query language; Threat intelligence visualization; Security Operations Center (SOC) tools; Incident response tools; Threat intelligence analysis; Telemetry data collection; Cyber threat patterns; Advanced threat detection; Cybersecurity data management; Risk management in cybersecurity; Compliance reporting tools; Cybersecurity software development

Citation Formats

Madsen, Michael J., Brant, William R., Kearsley, Logan R., Galloway, Greer N., Bauer, Ethan S., Mocombe, Isaiah C., Peterson, Christopher B., and Russell, Pierce L. Collection And Analysis Of Telemetry For The Cyote Heuristic. Computer Software. USDOE Office of Nuclear Energy (NE). 11 Dec. 2024. Web. doi:10.11578/dc.20250117.2.
Madsen, Michael J., Brant, William R., Kearsley, Logan R., Galloway, Greer N., Bauer, Ethan S., Mocombe, Isaiah C., Peterson, Christopher B., & Russell, Pierce L. (2024, December 11). Collection And Analysis Of Telemetry For The Cyote Heuristic. [Computer software]. https://doi.org/10.11578/dc.20250117.2.
Madsen, Michael J., Brant, William R., Kearsley, Logan R., Galloway, Greer N., Bauer, Ethan S., Mocombe, Isaiah C., Peterson, Christopher B., and Russell, Pierce L. "Collection And Analysis Of Telemetry For The Cyote Heuristic." Computer software. December 11, 2024. https://doi.org/10.11578/dc.20250117.2.
@misc{ doecode_149869,
title = {Collection And Analysis Of Telemetry For The Cyote Heuristic},
author = {Madsen, Michael J. and Brant, William R. and Kearsley, Logan R. and Galloway, Greer N. and Bauer, Ethan S. and Mocombe, Isaiah C. and Peterson, Christopher B. and Russell, Pierce L.},
abstractNote = {CATCH CLI focuses on gathering telemetry data, storing it in the Neo4j database, querying for Mitre ATT&CK patterns, and creating STIX 2.1 reports. Key Components: Analysis Modules: Analyze data to detect attack patterns. GoSTOTS Collection Engines: Collect telemetry data. These tools can be used together or individually. Analysis modules rely on data from specific engines to identify attack patterns. Source Code Organization: Engines: CATCH/catch/cmd/collection Modules: CATCH/catch/cmd/analysis CGUI Overview CATCH Graphical User Interface (CGUI) offers a graphical shell to execute CATCH CLI, allowing easy editing of: Analysis Modules Database configurations Profiles (collection and device settings) Neo4j Overview Neo4j is a graph database using the Cypher query language, storing data in JSON. It seamlessly integrates with STIX 2.1 data for: Data Submission: CATCH Collection Engines Data Querying: Analysis Modules CATCH modifies STIX 2.1 data for Neo4j submission and reverts it back during querying. STIG Overview Structured Threat Intelligence Graph (STIG) is a tool for creating, editing, querying, analyzing, and visualizing threat intelligence using STIX 2.1 and storing data in Neo4j. Usage Tools can be run: Manually (CLI): Refer to CATCH documentation User Interface: Run ./cgui/CGUI or go run ./cgui/ Additional Information Logging System: Detailed in the config documentation Further Documentation: Available for CATCH and CGUI},
doi = {10.11578/dc.20250117.2},
url = {https://doi.org/10.11578/dc.20250117.2},
howpublished = {[Computer Software] \url{https://doi.org/10.11578/dc.20250117.2}},
year = {2024},
month = {dec}
}