The SAINT observatory subsystem: an open-source intelligence tool for uncovering cybersecurity threats

Data from Online Social Networks, search engines, and the World Wide Web are forms of unstructured knowledge that are not regularly used in cybersecurity systems. The main reason for the reluctance to utilize them is the difficulty to process them effectively and extract valuable information. In this paper, we present the Systemic Analyzer In Network Threats (SAINT) Observatory Subsystem or SAINToS for short, a novel platform for the acquisition and analysis of Open-Source Intelligence feeds. The proposed framework integrates different information pools to create a supplementary view of the evolving cybercriminal activity. The aim of SAINToS, is to provide additional models, methodologies, and mechanisms to enrich existing cybersecurity analysis. As a significant amount of related information is not standardized in the form of structured data tables or machine-processable formats (e.g., XML or JSON), secondary data sources, such as social networks and blogs, are expected to expand the scope and effectiveness of existing approaches. The emphasis of this work, is placed on the harmonization and visualization of data from different sources. As a result, these sources can be better understood and reused. In addition, the SAINToS, besides its standalone functionality and capabilities, can provide input, in standard formats, to additional major threat intelligence platforms.