Simple Intel Platform


What is SIP?

SIP is a Dockerized threat intelligence platform for managing security events, indicators, and the relationships between them. It is designed for ease of use and a low barrier of entry so that anyone can quickly deploy a production-ready intel platform for their organization.

At its core, SIP is a RESTful API sitting atop a database that has been carefully designed to hold the information we have found over the years to be the most impactful in developing a successful threat intelligence program.

Why use SIP?

Security is not easy. It is not enough to simply purchase the Latest And Greatest™ product and believe that your organization is protected. There is an endless supply of financially motivated attackers, and their techniques are always evolving.

The best way to protect your organization is to ensure that you learn something from every attack that you detect and feed that knowledge back into your detection tools. This is the detection+intel feedback loop, and mastering it is key to building an effective intel program for your organization.

SIP is the product of years' worth of hands-on experience and insight from some of the most successful security and intel teams, and it was built with the hope that sharing this experience makes us all more secure.

Getting Started

  1. Set up SIP

  2. Use the included scripts to start and stop SIP

  3. Access the SIP API

  4. Access the SIP GUI