Introducing CTIG’s “ActorTrackr”


LookingGlass Cyber Solutions’ Cyber Threat Intelligence Group (CTIG) has created an (TTP).  The repository is composed of information extracted from a diverse set of publicly available source material such as vendor reports and blogs.

The intent behind this effort is to be able to provide a centralized location where organizations can share data.  LookingGlass has decided to open source the application called “ActorTrackr,” which includes a substantive data set for public consumption, so that any organization can share threat data once they have installed the app.  While there is currently a substantive amount of data being stored, the utility of the information will only increase with the participation of other stakeholders willing to not only contribute to it, but also serve in a peer review capacity by helping correct any inconsistencies and errors in the data already loaded.

As the dynamic cyber threat landscape continues to evolve, so must our information sharing processes in order to make the threat data operational, and therefore, actionable. It is no longer sufficient to provide information via a document, spreadsheet, or e-mail message. Reducing the time that it takes an organization to detect, mitigate, and recover from a threat in its enterprise is essential to making it more adept in managing risk and making it more resilient.

“ActorTrackr” is the next evolution of sharing both technical and contextual threat data by serving as the central repository of actor information.  “ActorTrackr” benefits from storing various public sources of data like APTNotes and the APT Groups and Operations spreadsheet.  However, while those sources have done a commendable job collecting data, they have been less successful in managing it, and more importantly, aggregating it.

The app allows all organizations that join the consortium to contribute, modify, read, and search all holdings.  The very nature of this capability can serve as the base from which further collaboration and partnership among stakeholders can occur.  What’s more, the “ActorTrackr” can contribute to improving an organization’s understanding of its own unique threat environment by providing the threat information pertinent to its interests.  How threat information is integrated into an organization can happen in different functional areas, but such integration can only happen once that information is received and digested.