STINGAR: Automated Detection, Sharing, and Mitigation of Network Threats (separate registration is required)

Monday, May 13 | 8:30AM–12:00PM CT | Vevey 3, Second Floor Event Centre
Session Type: Additional Fee Program
Delivery Format: Preconference Workshop
Join this workshop to learn about the Shared Threat Intelligence for Network Gatekeeping and Automated Response (STINGAR) project and CommunityHoneyNetwork (CHN). We will provide an in-depth review of the project's overall goals and future directions, examine the architecture of the STINGAR ecosystem, and demo installation processes. In a final lab, you'll be given access to AWS virtual machines to deploy your own instances of CHN, which will be kept running during the conference; data summaries will be shared postconference. As time and interest allow, internals of the project development processes and the future roadmap will be discussed.

The goal of the STINGAR project, led by Duke University (https://stingar.security.duke.edu/), is to enable low-friction generation of threat intelligence, data sharing, and action on threat intelligence for the higher ed community. Through the use of the CHN (https://communityhoneynetwork.readthedocs.io) honeypot system (a fork of the Threatstream/Anomali Modern Honey Network), institutions are able to quickly deploy a central console and multiple honeypots to gather information about attacks on their networks. CHN also supports easy integration with CIF (Collective Intelligence Framework) to summarize and share this attack information with others in the community. Using CIF or CHN APIs, it is trivial to generate feeds of malicious IP addresses that can be loaded directly into an organization's protective or detective devices.

Outcomes:

  • Understand the broad goals of the STINGAR project
  • Learn the key requirements for building an automated response capability based on threat intelligence
  • Learn how to deploy the CHN honeypot system and integrate with CIF
  • Influence future features of STINGAR technology

Presenters

  • Jesse Bowling

    Security Architect & CSIRT Program Manager, Duke University
  • Anthony Miracle

    IT Security Analyst, Duke University

Resources & Downloads

  • STINGAR Workshop PowerPoint

    Updated on 11/26/2019