In an effort to get back on a regular writing schedule, I am planning to post a quick recap on one thing I learn each week. Based on the fire hose of information coming out of my SANS training, finding something new should be easy – making the time to write about it will be the challenge!
This week’s lesson falls under the K.I.S.S. principle – Cassandra. This tool allows you to configure specific alerts for any new entries in the National Vulnerability Database (NVD). What makes this tool interesting is the ability to create different “profiles” (read: filters) for alerts. You can create many different profiles using the following criteria:
- Vendor
- Product
- Keyword
“Threat Intelligence” is a big buzzword in our industry right now, and many times the organizations looking for these massive information feeds do not have the resources to act on the information. This typically leads to a false sense of security, while adding even more hay to the haystack, concealing the needle.
These Cassandra alerts can function as a simple reminder for your critical technologies, or specific risks your organization is worried about. By filtering out a lot of the noise, you can hopefully reduce alert fatigue, and only monitor what matters to you.
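The profile idea described above, sketched as an added example (this is not Cassandra's own code, and it is not taken from the tool): vendor and product criteria are checked against an entry's CPE 2.3 names and keywords against its description. The `Profile` class, the entry field names, the "any criterion matches" semantics and the sample feed are all assumptions made for illustration.

```python
import re
from dataclasses import dataclass, field

@dataclass
class Profile:
    """One alert profile; an entry matches if any criterion hits (assumed semantics)."""
    name: str
    vendors: set = field(default_factory=set)    # lowercase CPE vendor names
    products: set = field(default_factory=set)   # lowercase CPE product names
    keywords: set = field(default_factory=set)   # matched against the description

def cpe_vendor_product(cpe):
    """Return (vendor, product) from a CPE 2.3 string, or None if malformed."""
    parts = re.split(r"(?<!\\):", cpe)  # split on ':' but not on an escaped '\:'
    if len(parts) < 5 or parts[:2] != ["cpe", "2.3"]:
        return None
    return parts[3].lower(), parts[4].lower()

def matches(profile, entry):
    for cpe in entry["cpes"]:
        vp = cpe_vendor_product(cpe)
        if vp and (vp[0] in profile.vendors or vp[1] in profile.products):
            return True
    # Whole-word keyword match, so "ssh" does not fire on "openssh".
    return any(re.search(rf"\b{re.escape(k)}\b", entry["description"], re.I)
               for k in profile.keywords)

def alerts(profiles, entries):
    """Map each profile name to the IDs of the entries it would alert on."""
    return {p.name: [e["id"] for e in entries if matches(p, e)] for p in profiles}

# Constructed sample feed: placeholder IDs, vendors and products, not real NVD data.
ENTRIES = [
    {"id": "CVE-0000-0001", "description": "Authentication bypass in ExampleVPN portal.",
     "cpes": ["cpe:2.3:a:examplecorp:examplevpn:1.2:*:*:*:*:*:*:*"]},
    {"id": "CVE-0000-0002", "description": "SQL injection in OtherShop checkout plugin.",
     "cpes": ["cpe:2.3:a:othersoft:othershop:3.0:*:*:*:*:*:*:*"]},
    {"id": "CVE-0000-0003", "description": "Code execution via crafted SCADA project file.",
     "cpes": []},  # new entry with no CPE assigned yet: only a keyword can catch it
    {"id": "CVE-0000-0004", "description": "Denial of service in router firmware.",
     "cpes": ["cpe:2.3:o:examplecorp:router_fw:2.0:*:*:*:*:*:*:*"]},
]
PROFILES = [
    Profile("perimeter", products={"examplevpn"}),
    Profile("vendor-watch", vendors={"examplecorp"}),
    Profile("ics", keywords={"scada"}),
]

if __name__ == "__main__":
    for name, ids in alerts(PROFILES, ENTRIES).items():
        print(f"{name}: {', '.join(ids) or 'no new entries'}")
```

Of the four constructed entries, only the ones relevant to each profile produce an alert, and the entry with no CPE yet is still caught by the keyword profile.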
An interesting ISC diary entry on a similar tool:
https://isc.sans.edu/forums/diary/22432