ABSTRACT

This chapter explores the characteristics of cyber threat intelligence (CTI) communities and the value that might be gained from participating in them. An example of a CTI sharing community that was set up as a hub–spoke model is the Dutch National Detection Network. Cloud-based CTI sharing services provide the capability to establish automated CTI exchange within a specific community. Sharing threat-related insights is a common activity of Computer Security Incident Response Team (CSIRT) collaboration bodies such as the Forum of Incident Response and Security Teams (FIRST) and Task Force-Computer Security Incident Response Teams (TF-CSIRT). It also takes place through sector-oriented Information Sharing and Analysis Centers (ISACs), Information Sharing and Analysis Organizations (ISAOs), and various other platforms and initiatives. The chapter describes CTI sharing infrastructures and the typical functions of a CTI sharing platform. It focuses on the Malware Information Sharing Platform (MISP), a CTI sharing platform.