INTELLIGi
Full Title
Quality Threat Intelligence to Enhance Cyber DefenceDescription
The objective of the INTELLIGi project is to develop a platform that integrates an open-source SIEM (Security Information and Event Management) with an enriched cyber threat intelligence (CTI)-based cyber risk (CR) assessment. The results must be understandable by information security analysts involved in SIEM programming and cyber-incidents resolution. Additionally, the platform’s development must be low-cost and reproducible in other Portuguese Public Administration (PA) entities.
Cyber threat intelligence (ThreatIntel) consists of producing knowledge about cyber threats. ThreatIntel cannot be made manually because it deals with vast amounts of data to collect, classify and store. Therefore, digital means (high-performance computers) and processes are required. Cyber threat intelligence platforms (TIPs) were introduced to store OSINT and fill a gap regarding cyber threat intelligence (CTI) sharing. The large volume and quality of data in these ICTs restrict the effective sharing of information, which justifies the construction of private TIPs. ThreatIntel is a critical asset in maintaining cybersecurity, allowing us to discover new cyber risks. However, the level of these risks is not the same in all organisations, depending on the characteristics and value of their assets. It is, therefore, essential to enrich the quality of threat intel as it allows to ascertain the quality of the rules to be implemented in an SIEM and thus improve cyber defence.
A significant advancement of the INTELLIGi project will be the development of helpful risk metrics to support CTI-based decisions enriched with quantitative evidence. INTELLIGi will provide a user-centred visualisation tool that allows an effective analysis of how the different threats discovered contribute to the organisation’s cyber risk, from the operational to the strategic level.
Funding Entity: FCT – SR&TD Projects on Artificial Intelligence, Data Science and Cibersecurity of relevance to the Public Administration, funded by the PRR in alignment with the objectives of Component 5 – “Investment and Innovation”, within the scope of “RE-C05-i08 – More Digital Science”, measure “RE-C05-i08.M04”.
Funding Entity
FCT | PRR- Portuguese Resilience and Recovery PlanReference
2024.07506.IACDCStart Date
01/04/2025End Date
31/01/2026Coordinator
Ana Luísa RespícioPartners
Faculdade de Ciências da Universidade de LisboaPrincipal Investigator at LASIGE
Ana Luísa RespícioTeam at LASIGE
- Ana Luísa Respício
- Ana Paula Afonso
- Hugo Miranda
- Ibéria Medeiros
- Maria Beatriz do Carmo
- Pedro Ferreira