The CCN-CERT has submitted REYES 3.0, a new version of the solution that facilitates the work of analysis of incidents to the information and correlada context with the main sources of existing information, both public and private.
Among its developments, is a new interface that offers a more consolidated and structured to facilitate the work of analysis and a new engine of intelligence, in addition to new sources of information.
Through this portal, centralized information available to the organizations attached to their early warning systems, can be carried out any investigation quickly and easily, accessing from a single platform for the most valuable information on ciberincidentes.
The core of information of REYES is based on technology MISP (Malware Information-Sharing Platform), which is enriched with external sources of public and private information to speed up the prevention and response to incidents. Thanks to this core of information, and land with international agencies, through REYES has access to a large privileged information.
Another advantage of KINGS, after process and analyse information through the partnership or graph of intelligence, creating relations between the different measures and events that permit the analyst to swing between the various indicators to establish a more comprehensive view of the attacker and infrastructure that used to, in this way, speed up its response to incidents.
REYES, a unique solution for information sharing
There are various aspects that make REYES one solution:
- Is state with international agencies
- Collects information from many sources malware specialists
- Contains attributes and contextualised malware events
- Allows interaction with other tools of analysis
- Automatically makes the correlation between the various elements of ciberinteligencia containing
- Emphasizes the information obtained
- Enables the download of reports
Access to this platform is restricted to all those organizations that have a certificate of the portal SAT and carried out by the following link .
You can find more information in the following Guides CCN-STIC:
- Guide CCN-STIC-423 compromise Indicators , which shows the existing tools to identify indicators of commitment (IoC), as well as the steps to deal with unknown threats. It illustrates the steps required to share these intelligence files on the continental available REYES, as well as in the footsteps of creation and export manually.
- CCN-STIC-424 guide information-sharing STIX-TAXII Cyber threats. , which presents the latest trends in the field of information sharing and the most used in the sector (SEARCH, TAXII) as well as the numerous advantages of their use for the improvement of the defence capabilities of an organization. It offers a practical case of use with Kings at which can be the core operations – as import and export intelligence - in an attack.
- Guide CCN-STIC-425 cycle of intelligence and analysis of Intrusions , whose purpose is to provide an explanation, simple and concise disclosure of what is the so-called cyber Ciberinteligencia and the cycle of intelligence, to develop one of its most significant phases: the analysis. For this purpose is developing a Model for the Formal Analysis Intrusions.
- Guide CCN-STIC-426 REYES. User Manual . This Guide adopts the main aspects of the tool REYES as a platform of the iasc CCN-CERT for the exchange of information and awareness of cyber threats.