Project
Continuous Integration for the Collaborative Analysis of Incidents
Funding programme
The CinCan project was an INEA/CEF-funded project carried out by TRAFICOM, Jyväskylä University of Applied Sciences & University of Oulu.
The aim of the CinCan project was to build shareable, repeatable & history-preserving analysis pipelines using your favorite (analysis) tools + CI + git + containers. The project integrated analysis tools into pipelines that run automatically whenever possible, with the results automatically evaluated and compiled into shareable threat intelligence packages.
The project consisted of four main parts:
#1 Quality of threat intelligence
Map the state of the art of threat intelligence feed providers, feeds, contents of the feeds, and possible evaluation sources for feed attributes throughout the project.
#2 Integration of analysis tools
Map the state of the art of threat intelligence feed providers, feeds, contents of the feeds, and possible evaluation sources for feed attributes throughout the project.
#3 Collaborative analysis, with automation
Create tools supporting an integrated analysis workflow (open sourced)
Integrate with #1 (quality evaluation) and #2 (incident analysis) tools
#4 Piloting
Tools and workflows in handling actual cases during the project. The work is performed with a community of pilot users.
More information:
Vesa Vertainen: [email protected]
Erno Kuusela: [email protected]
Homepage: https://cincan.io/
Gitlab: https://gitlab.com/CinCan
Docker Hub: https://hub.docker.com/u/cincan
Project results
The key products of the CinCan project:
Dozens of Dockerized DFIR tools, ready to use:
https://gitlab.com/CinCan/tools
https://hub.docker.com/u/cincan
The 'cincan' command line tool, which runs the tools with easier handling of input/output:
https://gitlab.com/CinCan/cincan-command
The 'minion' CLI tool for rule-based workflows:
https://gitlab.com/CinCan/minion
The pilot environment using Concourse CI/CD pipelines and Gitlab, running in Docker containers:
https://gitlab.com/cincan/environment
https://gitlab.com/cincan/pipelines
Numerous blog posts about DFIR tools:
https://cincan.io/blog/
Edited: April 24, 2021