Open source intelligence gathering and cyber security incident data visualisation

Cyber security incidents have affected organisations from various industries. Malicious actors aim to cause monetary damage, destroy data records or even damage the reputations of the organisations. Organisations need to secure their vulnerable systems with a robust cyber security implementation. These organisations require recommendations from cyber security experts to select a cyber security solution that suits their needs, thus preventing or lowering the impact of further incidents. This report documents the solution that has been created to gather and conduct analysis on cyber security incidents. The objective of the solution is to gather data from multiple different sources and compiling it for further analysis. Many different naming conventions have been used by the data sources which must be parsed, based on a taxonomy, to reference the same schema. Subsequently, all the gathered data is stored into the database. An application with a graphical user interface is used to interact with the database and cyber security incident data can be retrieved for analysis. The results of the analysis can be visualised as graphs with the same application. Data analysis methods such as clustering and linear regression can be visualized as well. Inferences from the visualisations could therefore be made by analysts. Recommendations which are derived from the inferences could be provided to organisations and businesses affected by cyber security attacks. Informed decisions on the type of cyber attacks to defend against could be made by following the recommendations.