CTI Project: Using Discord as a Threat Intelligence Dashboard
Discord is one of the best platforms that has helped me get through 2020 after joining various online communities such as The Many Hats Club or participating in virtual conferences such as conINT.
As a cyber threat intelligence (CTI) analyst myself, I am often looking for new ways to consume news and find new threats, which I believe Discord (if configured correctly) can offer. Although I do work for a Threat Intelligence Provider (TIP) with the ability to generate powerful dashboards that can scrape and feed me any source on the internet, not everyone else does. I like having a backup and having custom notifications that Discord can provide.
The Discord bot ecosystem is a great place due to developers generously offering their services for the community for free. There are premium services that can remove the rate limits and other caps but that's not really necessary if you use multiple bots like in this write up and for this specific use case.
Here is how I currently have my Discord CTI "Dashboard" set up:
As you can see, I have channels that pull in posts from your usual RSS feeds, Google News, Twitter, Reddit, YouTube, and Telegram, as well as a Reminders channel. These are configured to follow individual news sites, blogs, and social media accounts of my choice.
Steps to create your own Personal CTI server for free are as follows:
- Create a Discord account and create a new server
- Bring MonitorRSS, Pingcord, YAGPDB, and Reminder-Bot into the server
- Find the RSS feeds or URLs of Telegram/YouTube channels/subreddits you want to monitor
- Configure the bots via the control panels
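The bots listed above do the polling for you, but it helps to understand what they are doing under the hood: fetch a feed, work out which entries are new since the last poll, and post those entries to a channel. The script below is an added example written for this post; it is not code from the post itself or from any of the bots named here. It parses a constructed RSS 2.0 document (the `example.invalid` URLs are placeholders, not a real feed), deduplicates entries by their `guid`, and builds the JSON body a Discord channel webhook accepts. The `post_to_discord` function performs the real network call and takes the channel's webhook URL (a value you create in the channel's Integrations settings) as a parameter; the offline demo never calls it.

```python
"""Minimal self-hosted RSS-to-Discord poller (added example, not from the post or any listed bot)."""
import json
import urllib.request
import xml.etree.ElementTree as ET
from html import unescape

# Constructed sample feed so the example runs offline; example.invalid is a placeholder domain.
SAMPLE_FEED = """<?xml version="1.0"?>
<rss version="2.0">
  <channel>
    <title>Example Security News</title>
    <item>
      <title>Vendor patches critical flaw</title>
      <link>https://example.invalid/post/1</link>
      <guid>https://example.invalid/post/1</guid>
      <description>&lt;p&gt;A patch is available.&lt;/p&gt;</description>
    </item>
    <item>
      <title>Phishing campaign targets finance sector</title>
      <link>https://example.invalid/post/2</link>
      <guid>post-2</guid>
      <description>Details in the article.</description>
    </item>
  </channel>
</rss>
"""


def parse_feed(xml_text):
    """Return a list of {'id', 'title', 'link'} dicts from an RSS 2.0 document."""
    root = ET.fromstring(xml_text)
    items = []
    for item in root.iter("item"):
        title = (item.findtext("title") or "").strip()
        link = (item.findtext("link") or "").strip()
        # Fall back to the link when a feed omits <guid>.
        guid = (item.findtext("guid") or link).strip()
        # Some feeds double-encode titles; unescape so "&amp;" renders as "&" in Discord.
        items.append({"id": guid, "title": unescape(title), "link": link})
    return items


def new_items(items, seen):
    """Keep only items whose id is not yet in `seen`, adding them to `seen`; feed order is preserved."""
    fresh = []
    for it in items:
        if it["id"] not in seen:
            seen.add(it["id"])
            fresh.append(it)
    return fresh


def build_webhook_payload(feed_name, items):
    """Discord webhook JSON: one embed per item, capped at Discord's limit of 10 embeds per message."""
    embeds = [{"title": it["title"][:256], "url": it["link"]} for it in items[:10]]
    return {"content": f"New from {feed_name}", "embeds": embeds}


def post_to_discord(webhook_url, payload):
    """Send the payload to a Discord channel webhook (network call; not used in the offline demo)."""
    data = json.dumps(payload).encode("utf-8")
    req = urllib.request.Request(
        webhook_url,
        data=data,
        headers={"Content-Type": "application/json", "User-Agent": "cti-poller/0.1"},
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.status


def poll_once(feed_name, xml_text, seen):
    """One polling round: parse, dedupe against `seen`, and return a payload or None if nothing is new."""
    items = new_items(parse_feed(xml_text), seen)
    if not items:
        return None
    return build_webhook_payload(feed_name, items)


if __name__ == "__main__":
    seen_ids = set()
    print(json.dumps(poll_once("Example Security News", SAMPLE_FEED, seen_ids), indent=2))
    # Second poll of the same feed returns None: every guid is already in seen_ids.
    print(poll_once("Example Security News", SAMPLE_FEED, seen_ids))
```

In a real deployment you would persist `seen` (a small file or SQLite table) so a restart does not re-post every entry, fetch each feed on a timer, and keep one webhook per channel so that, like the bot setup in this post, each source lands in its own channel.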
Adding feeds on the Pingcord control panel:
Reminder bot:
Final result of finding feeds and adding them to the bots:
Conclusion
Now that I have set up the Discord server, I am receiving news alerts within seconds of anyone posting to Twitter, Telegram channels, subreddits, or news sites. This is how I stay ahead of the news and keep up to date with the newest information as soon as it breaks. Intelligence should be actionable, but it also has to be timely. I will continue to tweak this server and modify the alerts to tailor them to the sectors and industries I am tasked with monitoring. Also, for big events such as SolarWinds you can create special focus channels to pull in any and all new information about one incident or threat group.
Although not short of issues, the thing I like the most about Discord is that it is free and can be stood up in an evening. Once you have spent the time figuring it out, you can continue to tweak it and add new feeds. It will be worth it. One final tip is that you can download the Discord app and have push notifications sent to your device!
Hope you enjoyed this blog and can attempt making your own free CTI Dashboard via Discord.
Discord bots:
- https://monitorss.xyz
- https://pingcord.xyz
- https://reminder-bot.com
- https://yagpdb.xyz
- https://socialfeeds.app
- https://axobot.readthedocs.io/
- https://tweetshift.com [Update - Killed by Elon Musk in 2023. RIP]
Feeds and sources:
- https://news.google.com/rss/topics/CAAqBwgKMJmeiQswi7mIAw?hl=en-GB&gl=GB&ceid=GB:en
- https://www.bleepingcomputer.com/feed/
- https://www.zdnet.com/topic/security/rss.xml
- https://www.reddit.com/r/blueteamsec/
- https://www.reddit.com/r/onions/
- http://krebsonsecurity.com/feed/
- http://threatpost.com/feed
- https://www.darkreading.com/rss.xml
- http://www.us-cert.gov/ncas/current-activity.xml
- http://www.csoonline.com/feed/articles/cso
- https://netblocks.org/feed
- https://feeds.feedburner.com/PentestTools