Case Study
OpenCTI Platform
Centralized fragmented intelligence feeds into a relationship-aware CTI platform for analyst-ready context.
Architecture Modernization, CTI Automation
Problem
Threat intelligence feeds were disconnected and difficult to operationalize in detection and investigation workflows.
Architecture Overview
Deployed a graph-based CTI architecture with feed connectors, normalization, relationship mapping, and SOC-facing exports.
What Was Designed
- OpenCTI platform architecture and deployment model
- Feed ingestion and normalization workflow
- Correlation and confidence scoring approach
- Analyst pivot workflow for campaign investigations
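The ingestion, normalization, deduplication and confidence-scoring steps listed above, as an added illustration that is not the project's own connector code: two constructed feeds with differing field names are mapped onto one shape, collapsed by (type, value), scored with a simple corroboration bonus, and turned into indicator-to-campaign edges of the kind a graph CTI platform stores. The feed records, the scoring rule and the field names are assumptions made for the example.

```python
# Constructed sample feed records (not real intelligence). Each feed uses its
# own field names, type vocabulary and confidence scale, which is exactly what
# a normalization step has to reconcile before correlation.
FEEDS = {
    "feed_a": [
        {"type": "ip", "indicator": "198.51.100.7", "confidence": 60, "campaign": "Op Example"},
        {"type": "domain", "indicator": "Bad.Example.COM", "confidence": 80, "campaign": "Op Example"},
    ],
    "feed_b": [
        {"ioc_type": "ipv4-addr", "value": "198.51.100.7", "score": 0.9, "campaign": "Op Example"},
        {"ioc_type": "domain-name", "value": "bad.example.com", "score": 0.5, "campaign": "Op Example"},
        {"ioc_type": "domain-name", "value": "other.example.net", "score": 0.7, "campaign": "Op Other"},
    ],
}

# Feed-specific type names mapped onto STIX 2.1 observable types.
TYPE_MAP = {"ip": "ipv4-addr", "ipv4-addr": "ipv4-addr",
            "domain": "domain-name", "domain-name": "domain-name"}


def normalize(feed_name, entry):
    """Map one raw record onto a common shape: STIX type, lowercased value, 0-100 confidence."""
    raw_type = entry.get("type") or entry.get("ioc_type")
    value = (entry.get("indicator") or entry.get("value")).strip().lower()
    conf = entry.get("confidence")
    if conf is None:  # feed_b expresses confidence as a 0..1 float
        conf = round(entry["score"] * 100)
    return {"type": TYPE_MAP[raw_type], "value": value, "confidence": int(conf),
            "source": feed_name, "campaign": entry["campaign"]}


def correlate(feeds):
    """Dedupe by (type, value). Merged confidence is the highest reported value
    plus 10 per additional independent source, capped at 100 (assumed scoring rule)."""
    merged = {}
    for name, entries in feeds.items():
        for entry in entries:
            n = normalize(name, entry)
            rec = merged.setdefault((n["type"], n["value"]), {
                "pattern": f"[{n['type']}:value = '{n['value']}']",  # STIX pattern form
                "confidence": 0, "sources": set(), "campaigns": set()})
            rec["confidence"] = max(rec["confidence"], n["confidence"])
            rec["sources"].add(name)
            rec["campaigns"].add(n["campaign"])
    for rec in merged.values():
        rec["confidence"] = min(100, rec["confidence"] + 10 * (len(rec["sources"]) - 1))
    return merged


def relationships(merged):
    """Emit (indicator pattern, 'indicates', campaign) edges for the relationship graph."""
    return sorted((rec["pattern"], "indicates", c)
                  for rec in merged.values() for c in rec["campaigns"])
```

Two records for the same IP and the same domain (differing only in casing) collapse to one indicator each, so five raw records yield three indicators and three campaign edges.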
Impact
- Improved intelligence correlation speed
- Reduced duplicate indicators
- Stronger CTI-to-detection alignment
Need Similar Architecture or Detection Modernization?
I help organizations design resilient security architectures and automate detection workflows tailored to their environment.
Tech Stack
OpenCTI, STIX/TAXII, Docker, GraphQL, Python