Threat Intelligence in Slack
Are you finding it hard to keep up with new major cybersecurity vulnerabilities that could affect your environment?
Unless cybersecurity is your full-time job, you’re probably not spending a lot of time wading through blog posts and listening to hours of podcasts just to keep up with every breaking story.
Most of us really just need to stay informed about the next “big one”, so that we can react quickly when our businesses are at risk. (Citrix Netscaler, anyone?) But how do you get the news you need without feeling overwhelmed?
The US Cybersecurity & Infrastructure Security Agency (CISA) is a reliable source for easily digestible security alerts and notices about major software products. They publish a manageable number of alerts, on average around one or two per day, which you can easily skim for items relevant to your environment. You can get these alerts on their website or in email, but it’s even easier if you add their RSS feed to a dedicated channel in Slack:
1. Visit CISA’s US-CERT website to learn about the different types of notifications they have available. (Tip: “Alerts” is the most important, but it’s easiest to subscribe to all.)
2. Visit their Mailing Lists and Feeds page and copy the RSS feed link for “All NCAS products”, or just the specific notifications you wish to receive (right-click and “Copy Link Address”, for example). You will paste the links in Step 5. If preferred, you can also subscribe to email alerts on this page.
3. Optional, but recommended: Create a new, dedicated channel in Slack to receive the feed. For example, “#us_cert”.
4. In a browser, enable RSS feeds in Slack.
5. Follow the instructions in Step 4 to access your RSS administration webpage and “Add a Feed”.
To receive all US-CERT feeds, use https://www.us-cert.gov/ncas/all.xml
Don’t be surprised if it takes a day or two for the first alert to appear!
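
If the channel gets busy, the skimming can be partly automated. The following is an added example, not part of the original post: a small Python filter that parses RSS 2.0 items and keeps only those naming a product on your watchlist. The sample feed, the product names, and the function names are all constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample in RSS 2.0 shape; not real CISA feed content.
SAMPLE_FEED = """<rss version="2.0"><channel>
  <title>Sample alerts (constructed)</title>
  <item>
    <title>Vendor Releases Security Updates for ExampleGateway</title>
    <link>https://example.invalid/alerts/1</link>
    <description>&lt;p&gt;Patch ExampleGateway appliances.&lt;/p&gt;</description>
  </item>
  <item>
    <title>Advisory for OtherProduct Controllers</title>
    <link>https://example.invalid/alerts/2</link>
    <description>Affects OtherProduct only.</description>
  </item>
  <item>
    <title>Weekly Bulletin</title>
    <link>https://example.invalid/alerts/3</link>
    <description>Includes fixes for sampledb and ExampleGatewayPlus.</description>
  </item>
</channel></rss>"""

WATCHLIST = ["ExampleGateway", "SampleDB"]  # hypothetical products you run

def parse_items(feed_xml):
    """Return one dict (title, link, description) per <item> in the feed."""
    # For a live feed, fetch over HTTPS and consider the defusedxml package,
    # since the XML then comes from outside your control.
    root = ET.fromstring(feed_xml)
    fields = ("title", "link", "description")
    return [{f: (item.findtext(f) or "").strip() for f in fields}
            for item in root.iter("item")]

def relevant_items(items, watchlist):
    """Keep items whose title or description names a watched product."""
    # Whole-word, case-insensitive: "ExampleGateway" must not match
    # "ExampleGatewayPlus", but "sampledb" should match "SampleDB".
    patterns = {n: re.compile(r"(?<!\w)" + re.escape(n) + r"(?!\w)", re.I)
                for n in watchlist}
    hits = []
    for it in items:
        text = it["title"] + " " + it["description"]
        matched = [n for n, p in patterns.items() if p.search(text)]
        if matched:
            hits.append({**it, "matched": matched})
    return hits

if __name__ == "__main__":
    for hit in relevant_items(parse_items(SAMPLE_FEED), WATCHLIST):
        print(hit["matched"], hit["title"], hit["link"])
```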