UNI-CERT: A Unified Computer Emergency Response Teams Model for Malware Information Sharing Platform

Eman Aljbour, Abdelnoor Dabit, Mustafa Al-Fayoumi, Qasem Abu Al-Haija

2023 IEEE 5th International Conference on Power, Intelligent Computing and Systems (ICPICS) (2023)

Abstract
Sharing and exchanging information on threats and incidents among educational institutions is a significant block of the cybersecurity strategy in the educational sector in Jordan. Usually, this security workflow (receiving indicators of compromise (IoCs), checking traffic, and blocking harmful traffic) is processed manually. Thus, the workload of the workflow becomes much heavier as the number of IoCs increases. In this paper, we propose an automated system for efficient indicator handling that stores, normalizes, correlates, and shares IoCs of targeted attacks, threat intelligence, educational fraud information, and vulnerability information by combining Trusted Automated Exchange of Indicator Information (TAXII) and Systematic Threat Information Expression (STIX). As the system receives indicators in STIX format, it modifies them and updates network configuration dynamically to block traffic to malicious hosts.
Keywords
STIX, TAXII, MISP, IOC, CERT