
AI & NLP for Threat Intelligence (2025): Automate IOC/TTP Extraction, Summaries & ATT&CK Mapping By CyberDudeBivash • September 21, 2025 (IST)

TL;DR

What you'll build: an end-to-end CTI pipeline that ingests reports/feeds → extracts IOCs & TTPs → normalizes/dedupes → maps to MITRE ATT&CK → publishes STIX 2.1 to your TIP (MISP/OpenCTI) and pushes detections to SIEM/SOAR. ATT&CK is your lingua franca for adversary behavior.

Why now: mature building blocks exist: spaCy/HuggingFace for NER, STIX/TAXII 2.1 for exchange, MISP/OpenCTI for knowledge graphs, ATT&CK Navigator for coverage views.

Business win: shrink report-to-detection from days to minutes; measure precision/recall on extractions and coverage deltas per ATT&CK technique. (Use CISA's mapping practices to keep analysts honest.)

1) What problems AI actually solves in CTI

Speed: OCR/PDF → clean text → IOC/TTP extraction and entity linking at stream speed.

Normalization: inconsistent formats → STIX 2.1 objects (Indicator, Malware, Intru...
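The extract → normalize/dedupe → STIX 2.1 stretch of that pipeline, as an added example (not the post's own code, and not MISP's or OpenCTI's). It uses only the Python standard library: a regex first pass that refangs indicators (hxxp://, [.], (dot)), pulls hashes, IPv4s, URLs, domains and ATT&CK technique IDs out of a constructed sample report, dedupes them, and emits STIX 2.1 Indicator objects in a bundle a TIP can ingest. The sample text, the namespace UUID used for deterministic indicator ids, and the choice of UUIDv5-over-pattern (the spec recommends UUIDv4 for SDOs; v5 is a dedupe design choice here) are all assumptions of this example. In a real build the NER model replaces the regexes for TTP sentences and the stix2 library replaces the hand-built dicts.

```python
"""Regex-based IOC/TTP extraction -> STIX 2.1 Indicators (stdlib only).

Added worked example for this post; not the author's pipeline code.
"""
import json
import re
import uuid
from datetime import datetime, timezone

# Constructed sample text (not a real advisory). Indicators are defanged the way
# public reports usually are, and some repeat so the dedupe step has work to do.
SAMPLE_REPORT = """
The loader beacons to hxxp://update[.]bad-example[.]net/c2 and to 203[.]0[.]113[.]45.
A second stage was pulled from 203.0.113.45 (same host, already refanged).
Dropper SHA-256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Loader MD5: d41d8cd98f00b204e9800998ecf8427e
Execution via PowerShell (T1059.001) and Scheduled Task (T1053.005); the
PowerShell step (T1059.001) appears again in the timeline.
"""

# Step 1: refang. Reports wrap indicators in hxxp://, [.], (dot) so they cannot
# be clicked; undo that before pattern matching or nothing below will fire.
_REFANG = [
    (re.compile(r"hxxp(s?)://", re.I), r"http\1://"),
    (re.compile(r"\[\.\]|\(\.\)|\{\.\}|\s?\[dot\]\s?|\s?\(dot\)\s?", re.I), "."),
    (re.compile(r"\[:\]"), ":"),
]

def refang(text: str) -> str:
    for pat, rep in _REFANG:
        text = pat.sub(rep, text)
    return text

# Step 2: extraction patterns. \b on both ends stops a 32-hex run inside a
# SHA-256 from also matching as an MD5, and keeps IPs from being read as domains
# (a TLD must be letters).
_IOC_PATTERNS = {
    "sha256": re.compile(r"\b[a-f0-9]{64}\b", re.I),
    "sha1":   re.compile(r"\b[a-f0-9]{40}\b", re.I),
    "md5":    re.compile(r"\b[a-f0-9]{32}\b", re.I),
    "ipv4":   re.compile(r"\b(?:(?:25[0-5]|2[0-4]\d|1?\d?\d)\.){3}(?:25[0-5]|2[0-4]\d|1?\d?\d)\b"),
    "url":    re.compile(r"https?://[^\s'\"<>)]+"),
    "domain": re.compile(r"\b(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}\b", re.I),
}
_TECHNIQUE = re.compile(r"\bT1\d{3}(?:\.\d{3})?\b")  # ATT&CK technique / sub-technique ID

def extract_iocs(text: str) -> dict:
    """Return {kind: sorted unique values}; 'technique' holds ATT&CK IDs."""
    clean = refang(text)
    found = {}
    for kind, pat in _IOC_PATTERNS.items():
        values = {m.group(0).rstrip(".,;") for m in pat.finditer(clean)}
        if kind in ("sha256", "sha1", "md5", "domain"):
            values = {v.lower() for v in values}  # case-normalise so dedupe works
        found[kind] = sorted(values)
    found["technique"] = sorted({m.group(0) for m in _TECHNIQUE.finditer(clean)})
    return found

# Step 3: STIX 2.1 pattern templates per indicator kind.
_STIX_PATTERNS = {
    "ipv4":   "[ipv4-addr:value = '{v}']",
    "domain": "[domain-name:value = '{v}']",
    "url":    "[url:value = '{v}']",
    "md5":    "[file:hashes.MD5 = '{v}']",
    "sha1":   "[file:hashes.'SHA-1' = '{v}']",
    "sha256": "[file:hashes.'SHA-256' = '{v}']",
}
# Assumed namespace for deterministic ids: same pattern -> same id, so the same
# report ingested twice updates one Indicator in the TIP instead of creating two.
_NS = uuid.UUID("9c6d2c9e-3c3b-4f0e-9d5a-1f0b2a7e8c41")

def to_stix_indicator(kind: str, value: str, now: str) -> dict:
    pattern = _STIX_PATTERNS[kind].format(v=value.replace("'", "\\'"))
    return {
        "type": "indicator", "spec_version": "2.1",
        "id": f"indicator--{uuid.uuid5(_NS, pattern)}",
        "created": now, "modified": now, "valid_from": now,
        "indicator_types": ["malicious-activity"],
        "pattern": pattern, "pattern_type": "stix", "pattern_version": "2.1",
        "labels": [kind],
    }

def build_bundle(text: str, now: str = "") -> dict:
    """Extract, normalise, dedupe, and wrap as a STIX 2.1 bundle for MISP/OpenCTI."""
    now = now or datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%S.000Z")
    iocs = extract_iocs(text)
    objects = [to_stix_indicator(kind, v, now)
               for kind, vals in iocs.items() if kind in _STIX_PATTERNS for v in vals]
    # Technique IDs are returned by extract_iocs; turning them into relationships
    # to attack-pattern objects needs the ids from MITRE's ATT&CK STIX bundle.
    return {"type": "bundle", "id": f"bundle--{uuid.uuid4()}", "objects": objects}

if __name__ == "__main__":
    print(json.dumps(build_bundle(SAMPLE_REPORT), indent=2))
    print("ATT&CK:", extract_iocs(SAMPLE_REPORT)["technique"])
```

The domain regex deliberately fires on the host inside a URL as well as on bare domains, which is what MISP's free-text importer does; if your TIP already derives domain-name observables from url objects, drop the domain pass to avoid double counting in the coverage metrics.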