A Content-Based Recommendation System for Indicators of Compromise Life Cycle
2019-10-21, 11:40–12:00, Hollenfels

To approach the hard problem of decaying indicators of compromise (IoCs), the idea is to use a content-based recommendation system as a decision algorithm, based on the IoC data model and its taxonomy, together with feeds gathered by TheHive Cortex Analyzers and MISP.


An aging process for indicators of compromise certainly raises a problem of responsibility, but at the same time it would help refine the outputs of the threat intelligence platforms involved in the process.
The proposed recommendation system could move toward improving the evaluation of indicators of compromise, weighing the scoring given by the community feeds.