Threat Modeling and Threat Intelligence System for Cloud using Splunk

Threat modeling is one of the traditional mechanisms used for finding the potential threats in a system. Majority of the existing threat models rely on the possible ways of modeling attacks. This work proposes a combination of both threat modeling and threat intelligence for cloud systems using Splunk towards developing a comprehensive model. The existing cloud threat models rely on the types of attacks that are possible at certain phases of the system. The combined system proposed here is a granular model, that helps in capturing the potential threats based on the attacker's behavior after a data breach. The threat intelligence module existing in the system will help identify live threats. The integrated plugin which combines both the adversarial threat model and threat monitoring dashboard were able to categorise and monitor the activities happening in the cloud using Splunk.