Threat Intelligence Service

A tool for collecting threat intelligence data and running Monte Carlo simulations based on it.

Table of Contents

• Tech Stack
• Features
• Installation
• Configuration Setup
• Usage
• Testing
• Code Formatting
• Documentation
• Acknowledgments
• License
• Contact Information

Technology Stack

The risk calculation scripts are written in Python, along with prototypes written in R.

The Neo4j graph database uses the Cypher query language.

Technology	Description	Link
Neo4j	Graph database management system	Link

Features

This repo. provides:

• Scripts for (re)generating incident number and average cost distributions and running Monte Carlo simulations using those distributions;
• a set of Cypher commands to allow for easy initial population of a Neo4j threat intelligence graph database with data derived from the Cyber Security Breaches Survey 2020; and
• a full suite of automated linting functions to ensure codebase standardisation.

Installation

Threat Intelligence Database (Neo4j)

1. Install Neo4j Desktop;
2. in the Neo4j Desktop app, create a new Project;
3. in that project, add either a ‘Local DBMS’ or a ‘Remote Connection’ (depending on which environment you are in) and call it ‘Threat Intelligence’:
   • make sure to update the connection details in src/scripts/graph.py.
4. add the file contrib/database.cypher to the Project;
5. open your server in the Neo4j Browser;
6. go to the ‘Project Files’ tab and press the run button next to database.cypher.

Scripts

1. Clone the repo. to your dev. environment (git clone git@github.com:Rumperuu/Threat-Intelligence-Service.git);
2. enter the new folder (cd Threat-Intelligence-Service);
3. create a virtual Python environment (python3.⟨version⟩ -m venv pyvenv);
4. activate your virtual environment (source ./pyvenv/bin/activate); and
5. install Python package with pip (pip install -r requirements.txt).

Configuration Setup

TODO: Add environment config.

Usage

Run python src/montecarlo.py to run a Monte Carlo simulation. Use -h to view the available options.

Run python src/regenerate-distributions.py to (re)generate all propability distributions. Use -h to view the available options.

Testing

There are not currently any tests.

Code formatting

There is not currently any automated code formatting or linting.

Python Code

Python code must conform to PEP 8.

• Run black --target-version=py38 */**/*.py to format all Python files with Black.

• Use --check to view the output without automatically fixing warnings and errors.

• Run pylint */**/*.py --output-format=colorized to lint all Python files with Pylint.

• Pylint does not have the ability to automatically fix warnings and errors.

Pylint configuration settings are found in .pylintrc.

Documentation

There is currently no documentation.

Acknowledgements

This project was initially developed as part of KTP № 11598, with funding provided by Innovate UK & Mitigate Cyber.

This game was inspired by Hubbard & Seiersen's book How to Measure Anything in Cybersecurity Risk.

License

This project is currently released under the CRAPL. It should NOT be used in a production environment in its current state.

Contact Information

Name	Link(s)
Ben Goldsworthy	Email