The CCN-CERT has submitted KINGS 3.0, a new version of the solution that streamlines the work of analysis of incidents to obtain information contextualized and correlada with the main sources of information available, both public and private.
Among its novelties, is a new interface that offers a more information and structured grouped by facilitating the work of analysis and a new engine of intelligence, in addition to new sources of information.
Through this portal centralized information, available for organizations attached to their early warning systems SAT, can be any investigation quickly and easily, coming from a single platform to the most valuable information about ciberincidentes.
El núcleo de información de REYES está basado en la tecnología MISP (Malware Information Sharing Platform), que se enriquece con fuentes externas públicas y privadas de información que permiten agilizar la prevención y la respuesta a incidentes. Gracias a este núcleo de información, y al estar federado con organismos internacionales, a través de REYES se tiene acceso a gran información privilegiada.
Another advantage outstanding of kings is that, after processing and analyse information through the graph of association or intelligence, creating relations between the different indicators and events that allow the zu analyst between different indicators to establish a fuller picture of the attacker and infrastructure that used to thus expediting its response to incidents.
Kings, a single solution for sharing information
There are various aspects of kings a single solution:
- Is federated with international agencies
- Collects information from many sources malware specialists
- Contains attributes and events contextualised malware
- Allows interaction with other tools of analysis
- Automatically makes the correlation between the different elements of ciberinteligencia containing
- The information obtained prioritizes
- Allows downloading reports
Access to this platform is restricted to all those organizations that have a portal certificate SAT and is performed by the following link .
You can find more information in the following Guides CCN-STIC:
- Guide CCN-STIC-423 commitment Indicators , which displays the existing tools to identify indicators of commitment (IoC), as well as the steps to act against unknown threats. also shown are the steps needed to share these files of intelligence in the platform available kings, as well as the steps of creation and export manually.
- CCN-STIC-424 guide information exchange of Cyber threats. STIX-TAXII , which presents the latest trends in sharing of information and the highest standards used in the sector (STIX, TAXII) as well as the numerous advantages of its use for improved defensive capabilities of an organization. It also provides a practical case for use with the tool KINGS in which you can follow the basic operations – as import and export intelligence -, all based on an attack known.
- Guide CCN-STIC-425 cycle of intelligence and analysis of Intrusions , whose aim is to offer an explanation, simple and concise way, what in cybersecurity is the so-called Ciberinteligencia and the cycle of intelligence, developing one of its most significant phases: the analysis. For this purpose develops a model for the Formal Analysis of Intrusions.
- Guide CCN-STIC-426 Kings. User Manual . This Guide contains the main aspects of the tool KINGS as a platform deployed by the CCN-CERT for the exchange of information and knowledge about cyber threats.