SES

Security Event System (SES)

SES is a REN-ISAC implementation of the open source application Collective Intelligence Framework (CIF). The objective of the REN-ISAC Security Event System is to aid in timely protection against cyber threats and to provide our membership with a shared threat intelligence repository. This objective is accomplished by sharing, aggregating and correlating the threat data stored in the cyber threat intelligence repository, and by applying analytics to it. Cyber threat intelligence is received from members, trusted partners and open source providers. The threat intelligence repository is provided to REN-ISAC members for the purpose of operational protection and response.

REN-ISAC anticipates that each member institution can realize value from leveraging SES in some of the following ways:

  • To aid in REN-ISAC members' incident response process
  • To facilitate the sharing of cyber threat intelligence with other REN-ISAC members for operational protection and response
  • To aggregate REN-ISAC members' observations regarding cyber threat data for the purpose of increasing or decreasing the confidence level/severity of any individual data point within SES
  • To facilitate the sharing of cyber threat intelligence with trusted partners for the purpose of threat mitigation and remediation
  • To facilitate the sharing of cyber threat intelligence with law enforcement
  • To provide feeds of cyber threat data to be used in REN-ISAC members' local protections, such as IDS signatures, flow monitoring, and sinkholes

For more information, visit our Member Wiki.