CTI Leads
Jira Tickets
The Clients
Anything CTI
Toolkits
100

What is Andrew and Andrea's combined nickname?
(We love Star Wars)

AT-AT 

100

Intruder tickets are known as what?

External Network Monitoring

100

CTI's biggest client

Reyes

100

Name all CTI products that get sent out on a scheduled basis.
(Think before you answer) 

CA, Mini and monthly iDNA, 4+1, GTS. 

100

This toolkit helps map out techniques and sub-techniques, and profiles threat groups and their associated TTPs.

MITRE ATT&CK

200

What was the destination of Lydia's last Europe trip?

Iceland

200

What is generally the first thing that is done once a ticket is created?

Respond to customer or stop SLA

200

Name the 3 clients who don't actively use Jira i.e. they get their alerts via email.

Fubo does not count!

FTP, Provant, Reyes.

200

How many Flash Advisories were sent out in 2024?

32

200

Name 3 toolkits you would use to check the reputation of any domain or IP. 

I'm not listing them all 

300

How many cats does Katey now have?

3 but don't forget the turtles, giraffes, rabbits, and chickens.  

300

What types of behavior on social media might be considered malicious or fraudulent and have a ticket created for them? Hint: (There are 3)

  • Impersonations
  • Threats
  • Fraudulent spam/coordinated campaigns

300

Name 5 of CTI's "Operator" package clients.

KGP, Leo, Provant, HubGroup, Compass, ICM, LineCo, SMS. 

300

In what document can you find the support ticket POC, ticketing instructions, and client distribution list?

Products and Services Tracker

300

What less commonly used CTI toolkit allows you to search for vulnerabilities and exploits by vendor, product, or CVE?

Vulnerability Database (VulnDB)

400

Name 4 of the 5 leads' military jobs.
Andrew, Andrea, Katey, Gabe, Lydia. 

Aviation Technician (Gabe)
Spanish linguist (Andrea)
Information Systems Technician (Katey)
Combo but Military Police 100% (Lydia)
Master at Arms (As Andrew says a dumb Cop)

400

Name 5 of the 7 data points we potentially see via CAIS tickets.

  • Compromised account/target domain, usernames, computer name, operating system, passwords, infection time, machine ID.

400

Name every client that receives an iDNA report.
Hint: (We added a new client last month)

Leopardo, Reyes x2, FTP, KGP, Provant, SMS.

400

What is the number of threat actors currently contained in the elastic V2 hacker tracker, rounded to the nearest 100?

1600

400

What previously used CTI toolkit is used as a search engine for Internet-connected devices or to scrape the IoT?

Shodan

500

At any one point what was the max number of pets Andrea had? 

1 million (Her apartment was a zoo). I believe it was 7.

500

What is the only way that KGP tickets are ticketed as high severity and the specific wording that should be associated with the ticket?

ONLY for @KGPCo domain CREDENTIALS, not vendors (Bluestream, KGPTel, etc.).  All other tickets are informational. All comp creds are to be worded as "Potential Compromised Credentials"

500

There are 4 "ATO Prevention" Clients, name 3 of them. 

Fusion92, GRP Wegman, Rotary Airlock, Townsend 

500

Name 5 places internally where you could find info on a domain permutation that was already ticketed or discovered. 

Jira queue, Admin record, CTI Internal Operations tracker, CTI mailbox, iDNA report.

500

This toolkit shows the average total cost of a ransomware attack based on sector and number of employees. It also has a variety of dashboards showing trends.

ZULU (ZSCALER)
