Poster: ThreatKG - A System for Automated Cyber Threat Knowledge Gathering and Management
Published in IEEE Symposium on Security and Privacy, 2024
Open-source cyber threat intelligence (OSCTI) is a crucial resource for understanding cyber threats. However, little effort has been made to harvest knowledge from unstructured OSCTI reports published in public sources (e.g., technical reports, security blogs, and news articles). These reports provide comprehensive threat knowledge about a variety of entities (e.g., IOCs, threat actors, TTPs) and relations (e.g., usage, indication, mitigation). Yet these entities and relations are hard to gather because of diverse report formats, large report volumes, and the complex structure and nuance of natural-language report text. To bridge the gap, we propose THREATKG, a system for automated open-source cyber threat knowledge gathering and management. THREATKG autonomously collects OSCTI reports from various sources, extracts high-fidelity threat knowledge, constructs a large threat knowledge graph, and keeps the graph current by continuously ingesting new knowledge.
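As an added illustration (not THREATKG's own code), the following minimal Python knowledge graph uses the abstract's entity kinds (IOCs, threat actors, TTPs, mitigations) and relation kinds (usage, indication, mitigation). The two sample reports and their entity names are constructed, and the merge-on-ingest logic is an assumed way to keep a continuously updated graph free of duplicate facts.

```python
ENTITY_TYPES = {"ioc", "threat_actor", "ttp", "mitigation"}
RELATION_TYPES = {"uses", "indicates", "mitigates"}


class ThreatKG:
    """Typed entity nodes plus (src, relation, dst) edges."""

    def __init__(self):
        self.entities = {}  # entity name -> entity type
        self.edges = set()  # (src, relation, dst) triples

    def ingest(self, report):
        """Merge one report's extracted facts; return the number of new facts.
        Re-ingesting the same report adds 0, so updates stay duplicate-free."""
        added = 0
        for etype, name in report["entities"]:
            if etype not in ENTITY_TYPES:
                raise ValueError(f"unknown entity type {etype!r}")
            if name not in self.entities:
                self.entities[name] = etype
                added += 1
            elif self.entities[name] != etype:  # same name, conflicting type: refuse to merge
                raise ValueError(f"type conflict for {name!r}: {self.entities[name]} vs {etype}")
        for src, rel, dst in report["relations"]:
            if rel not in RELATION_TYPES or src not in self.entities or dst not in self.entities:
                raise ValueError(f"bad relation {(src, rel, dst)!r}")
            if (src, rel, dst) not in self.edges:
                self.edges.add((src, rel, dst))
                added += 1
        return added

    def targets(self, src, rel):
        return sorted(d for s, r, d in self.edges if (s, r) == (src, rel))

    def sources(self, rel, dst):
        return sorted(s for s, r, d in self.edges if (r, d) == (rel, dst))

    def mitigations_for_actor(self, actor):
        """Two-hop query: actor -uses-> TTP <-mitigates- mitigation."""
        return sorted({m for t in self.targets(actor, "uses") for m in self.sources("mitigates", t)})


# Constructed sample extractions standing in for two OSCTI reports (not real intelligence).
REPORT_A = {"entities": [("threat_actor", "ActorX"), ("ttp", "spearphishing attachment"),
                         ("ioc", "mal-update.example")],
            "relations": [("ActorX", "uses", "spearphishing attachment"),
                          ("mal-update.example", "indicates", "ActorX")]}
REPORT_B = {"entities": [("ttp", "spearphishing attachment"), ("mitigation", "attachment sandboxing")],
            "relations": [("attachment sandboxing", "mitigates", "spearphishing attachment")]}
```

Ingesting REPORT_A twice adds five facts and then zero, and REPORT_B links a mitigation to the TTP already known from REPORT_A, so the two-hop query answers which mitigations apply to the actor.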