ETIP: An Enriched Threat Intelligence Platform for improving OSINT correlation, analysis, visualization and sharing capabilities
Journal of Information Security and Applications (IF 3.8), Pub Date: 2021-02-24, DOI: 10.1016/j.jisa.2020.102715
Gustavo González-Granadillo, Mario Faiella, Ibéria Medeiros, Rui Azevedo, Susana González-Zarzosa

Open Source Intelligence (OSINT) data is collected from publicly available sources to be used in intelligence contexts, among which Threat Intelligence Platforms (TIPs) are the main consumers. These platforms help organizations aggregate, correlate, and analyze threat data from multiple sources in real time to support defensive actions. However, given the unstructured nature of the collected data, TIPs require it to be correlated with real-time information coming from the monitored infrastructure before it is further analyzed and shared. This paper presents ETIP, an Enriched Threat Intelligence Platform that extends the import, quality assessment, visualization and information sharing capabilities of current TIPs. The platform receives structured cyber threat information from multiple sources and correlates it with static and dynamic data coming from external sources and the monitored infrastructure. This allows the evaluation of a threat score through heuristic-based analysis, which is used to enrich the information received from OSINT and other sources. The final result is sent to external entities, such as SIEMs, for more in-depth analysis, and is shared with trusted organizations.
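As an added illustration of the workflow the abstract describes (this is not code from the paper or from the ETIP platform), the following Python sketch takes OSINT indicators, correlates them with a constructed asset inventory (static data) and constructed network sightings (dynamic data), computes a hypothetical heuristic threat score, and serializes the enriched records in a form a SIEM could ingest. The feed names, addresses, weights and data are all constructed for the example.

```python
import json
from dataclasses import dataclass

@dataclass(frozen=True)
class Indicator:
    value: str      # the observable, e.g. an IPv4 address
    sources: tuple  # OSINT feeds that reported it (constructed names)

# Static context: constructed asset inventory, criticality 1 (low) .. 3 (high)
ASSET_CRITICALITY = {"10.0.0.5": 3, "10.0.0.9": 1}

# Dynamic context: constructed flow records from the monitored network
SIGHTINGS = [
    {"src": "10.0.0.5", "dst": "198.51.100.7"},
    {"src": "10.0.0.9", "dst": "198.51.100.7"},
    {"src": "10.0.0.9", "dst": "203.0.113.2"},
]

def correlate(indicator, sightings, assets):
    """Internal hosts that contacted the indicator, mapped to their criticality."""
    hosts = {s["src"] for s in sightings if s["dst"] == indicator.value}
    return {h: assets.get(h, 0) for h in hosts}

def threat_score(indicator, hosts):
    """Hypothetical heuristic in [0, 100]: up to 30 for feed agreement, 20 if
    seen in the infrastructure at all, up to 30 for the most critical host hit."""
    score = min(len(indicator.sources), 3) * 10
    if hosts:
        score += 20 + 10 * max(hosts.values())
    return min(score, 100)

def enrich(indicators, sightings=SIGHTINGS, assets=ASSET_CRITICALITY):
    """Enriched records, highest score first."""
    records = []
    for ind in indicators:
        hosts = correlate(ind, sightings, assets)
        records.append({"indicator": ind.value, "sources": list(ind.sources),
                        "sightings": sum(s["dst"] == ind.value for s in sightings),
                        "affected_hosts": sorted(hosts),
                        "score": threat_score(ind, hosts)})
    return sorted(records, key=lambda r: r["score"], reverse=True)

def to_siem(records):
    """Newline-delimited JSON, a shape commonly accepted by SIEM ingestors."""
    return "\n".join(json.dumps(r, sort_keys=True) for r in records)

if __name__ == "__main__":
    feed = [Indicator("198.51.100.7", ("feed_a", "feed_b")),
            Indicator("203.0.113.2", ("feed_a",)),
            Indicator("192.0.2.1", ("feed_a", "feed_b", "feed_c"))]
    print(to_siem(enrich(feed)))
```

An indicator reported by three feeds but never seen internally ranks below one reported by two feeds that a high-criticality host actually contacted, which is the point of correlating OSINT with the monitored infrastructure before sharing.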




Updated: 2021-02-24