Breach Data Infrastructure

There is a lot of discussion on the value of breach data, including the various pivot points it provides. However, there is far less discussion of how to build an environment where you can collect breach data and make it easily accessible and usable for OSINT analysts when they need to parse through it. Having a process for parsing breach data is essential as breaches become more prevalent.
My talk will discuss the following points:
1. The breach data lifecycle: Discussing what I consider to be the breach data lifecycle, based off of the intelligence lifecycle (Data breach event occurrence -> Obtaining breach data -> Processing the breach data -> Integrating the breach data -> Analysis and production of the data).
2. Considerations for building an environment for breach data: Virtualization, hardware, OS, and software considerations.
3. Indexing Data: How indexing data can be a game changer when the time comes to rely on the data.
4. Demo: Showing what a breach data environment looks like at multiple scales. The demo will combine recorded material and live demonstrations.
Actionable takeaways:
- Be able to build your own breach data environment
- Follow a lifecycle to expand the breach data environment over time
- Allow Analysts to quickly parse through breach data when investigation time arises
SANS Open-Source Intelligence Summit 2024
Haris Qazi, Analyst
View upcoming Summits: www.sans.org/u/DuS

Comments: 1

  • @robbiejames1466 (2 months ago)

    Right!?!
