A threat intelligence service created as part of KTP № 11598 (https://info.ktponline.org.uk/action/details/partnership.aspx?id=11598).
This repository has been archived on 2022-08-01. You can view files and clone it, but cannot push or open issues or pull requests.
Go to file
Ben Goldsworthy c74ac85eb4 chore: update gitignore 2022-06-26 19:23:11 +01:00
.github/ISSUE_TEMPLATE add issue post templates 2021-04-02 11:12:38 +01:00
contrib initial commit 2021-04-02 11:10:12 +01:00
src initial commit 2021-04-02 11:10:12 +01:00
.gitignore chore: update gitignore 2022-06-26 19:23:11 +01:00
.pylintrc initial commit 2021-04-02 11:10:12 +01:00
CONTRIBUTING.md update new issue link 2021-04-02 11:16:06 +01:00
LICENSE initial commit 2021-04-02 11:10:12 +01:00
README.md initial commit 2021-04-02 11:10:12 +01:00
SECURITY.md initial commit 2021-04-02 11:10:12 +01:00
requirements.txt initial commit 2021-04-02 11:10:12 +01:00


Threat Intelligence Service

A tool for collecting threat intelligence data and running Monte Carlo simulations based on it.

Table of Contents

Technology Stack

The risk calculation scripts are written in Python, along with prototypes written in R.

The Neo4j graph database uses the Cypher query language.

Technology Description Link
Neo4j Graph database management system Link


This repo. provides:

  • Scripts for (re)generating incident number and average cost distributions and running Monte Carlo simulations using those distributions;
  • a set of Cypher commands to allow for easy initial population of a Neo4j threat intelligence graph database with data derived from the Cyber Security Breaches Survey 2020; and
  • a full suite of automated linting functions to ensure codebase standardisation.


Threat Intelligence Database (Neo4j)

  1. Install Neo4j Desktop;
  2. in the Neo4j Desktop app, create a new Project;
  3. in that project, add either a Local DBMS or a Remote Connection (depending on which environment you are in) and call it Threat Intelligence:
    • make sure to update the connection details in src/scripts/graph.py.
  4. add the file contrib/database.cypher to the Project;
  5. open your server in the Neo4j Browser;
  6. go to the Project Files tab and press the run button next to database.cypher.


  1. Clone the repo. to your dev. environment (git clone git@github.com:Rumperuu/Threat-Intelligence-Service.git);
  2. enter the new folder (cd Threat-Intelligence-Service);
  3. create a virtual Python environment (python3.⟨version⟩ -m venv pyvenv);
  4. activate your virtual environment (source ./pyvenv/bin/activate); and
  5. install Python package with pip (pip install -r requirements.txt).

Configuration Setup

TODO: Add environment config.


Run python src/montecarlo.py to run a Monte Carlo simulation. Use -h to view the available options.

Run python src/regenerate-distributions.py to (re)generate all propability distributions. Use -h to view the available options.


There are not currently any tests.

Code formatting

There is not currently any automated code formatting or linting.

Python Code

Python code must conform to PEP 8.

  • Run black --target-version=py38 */**/*.py to format all Python files with Black.

  • Use --check to view the output without automatically fixing warnings and errors.

  • Run pylint */**/*.py --output-format=colorized to lint all Python files with Pylint.

  • Pylint does not have the ability to automatically fix warnings and errors.

Pylint configuration settings are found in .pylintrc.


There is currently no documentation.


This project was initially developed as part of KTP № 11598, with funding provided by Innovate UK & Mitigate Cyber.

This game was inspired by Hubbard & Seiersen's book How to Measure Anything in Cybersecurity Risk.


This project is currently released under the CRAPL. It should NOT be used in a production environment in its current state.

Contact Information

Name Link(s)
Ben Goldsworthy Email