Software Engineering Institute

This presentation was given at FloCon 2023, an annual conference that focuses on applying any and all collected data to defend enterprise networks.

Sifting through all the articles, tweets, mailing lists, and other feeds for actionable OSINT is an important, yet exhausting task for every responsible organization or CSIRT team. In this presentation, we will introduce Taranis NG, a new OSINT gathering and analysis tool designed to make this task faster and easier.

The open-source software Taranis NG crawls various data sources such as websites or tweets to gather unstructured news items. These are processed by analysts to create structured report items, which are used to create products such as PDF files, which are finally published.

Taranis allows multiple teams to collaborate on analyses which significantly reduces workload, and includes lightweight self-service asset management for CSIRT's constituency which automatically links to the advisories that mention vulnerabilities in the software.

Taranis NG was developed by SK-CERT with help from the wide CSIRT community, and is released under terms of the European Union Public License. This project has been co-funded by various European funds, and the development is ongoing.

Attendees will learn how to process raw OSINT sources into actionable vulnerability advisories, threat intel, and more, using a recently released open-source tool. The presentation will include a live demonstration of the software.