Tweetdeck for Cybersecurity: Building a Tweetdeck Dashboard for Real-Time Threat Intelligence

How to optimize Tweetdeck to efficiently monitor threats


Introduction

On average, I spend at least an hour of my day on Twitter. One of my favourite sects of Twitter is #infosecTwitter. It is a great way for me to keep up with the latest happenings in cybersecurity while having fun. However, there is a lot of information to process at once (over 5000 tweets are sent out per second).

TweetDeck is a great way for me to sort through all that information and prioritize what is important to me. It allows users to view multiple timelines in one easy-to-read interface. With Tweetdeck, I can streamline what shows up on my timeline, making it easier to follow trends and my favourite tweeps. This tool is perfect for threat intelligence as it allows for real-time monitoring of security events. In this article, I'll explain how to set up a Tweetdeck dashboard, how to create search strings and how to use Lists.

Setting up Tweetdeck

To start, you need an active Twitter account. For the purpose of this article, I'm using a burner account. Tweetdeck allows you to separate decks so you can use your personal account and create different decks for your interests.

I created the deck above for this article. Each column monitors (from left to right) tweets from my favourite infosec accounts, patch releases, browser vulnerabilities and any tweets about cybersecurity or information security.

How to create search queries

To add a search query, select your preferred deck and click on the Add Column button.

From the menu, choose Search. This provides a field to input your search queries.

You can build queries to look for specific events or just do a broad search. Inputting #cybersecurity returns tweets that contain the hashtag. For more specific searches, you need to employ the Boolean operators AND and OR.

The above search query returns tweets with any of the specified hashtags.

The above search query returns only tweets with both of the specified keywords.

Search queries can get more complex, and these operators can get confusing. Enter Filters: these allow you to include and exclude keywords, and the corresponding search query is generated automatically. In the query below, I want to see tweets that contain the word "patch" and any of the following: "bug", "cve" or "zeroday". But I want tweets with "Microsoft" excluded.

To get this search query, I inputted the keywords I want to show up on my feed in the Include field and the keyword I don't want in the Exclude field.

Note: The boolean operators are case-sensitive and must be written in uppercase.
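The include/exclude filter described above, as an added example that is not part of the original article: it builds the search string from keyword lists and applies the same logic to a few constructed tweets so you can check a filter before relying on it. The function names, the whole-word matching and the `-keyword` exclusion prefix are assumptions; the query Tweetdeck itself generates may be formatted differently.

```python
import re

def build_query(all_of=(), any_of=(), none_of=()):
    """Compose a search string from Include/Exclude-style keyword lists."""
    parts = list(all_of)
    if any_of:
        parts.append("(" + " OR ".join(any_of) + ")")
    # Operators are written in uppercase, as the note above requires.
    query = " AND ".join(parts)
    # Assumption: exclusions use the "-keyword" prefix of Twitter search.
    return " ".join([query] + ["-" + term for term in none_of]).strip()

def _has(text, term):
    # Assumption: keywords match whole words, ignoring case.
    pattern = r"(?<!\w)" + re.escape(term) + r"(?!\w)"
    return re.search(pattern, text, re.IGNORECASE) is not None

def matches(text, all_of=(), any_of=(), none_of=()):
    """Apply the same include/exclude logic to one tweet's text."""
    return (all(_has(text, t) for t in all_of)
            and (not any_of or any(_has(text, t) for t in any_of))
            and not any(_has(text, t) for t in none_of))

def filter_tweets(tweets, **rules):
    """Return the tweets a column with these rules would show."""
    return [t for t in tweets if matches(t, **rules)]

# Constructed sample tweets, not real posts.
SAMPLE_TWEETS = [
    "Vendor X ships a patch for a critical CVE in its VPN client",
    "Microsoft patch fixes a zeroday",
    "New bug found in popular router firmware, no fix yet",
    "Emergency patch released for browser zeroday",
]

# The filter from the article: "patch" plus any of bug/cve/zeroday, minus Microsoft.
RULES = dict(all_of=["patch"], any_of=["bug", "cve", "zeroday"],
             none_of=["Microsoft"])

if __name__ == "__main__":
    print(build_query(**RULES))
    for tweet in filter_tweets(SAMPLE_TWEETS, **RULES):
        print("MATCH:", tweet)
```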

How to use Lists

I, like many others, subscribe to newsletters but fail to read them consistently. With Lists, I curate a feed with my preferred infosec media outlets so I can see news as it drops. Lists don't have to be limited to news accounts; you can also add accounts whose tweets you don't want to miss!

To create a list, click Add Column and select Lists. Create a new list and input any name and description of your choosing.

You can make your list private (only you can see it) or public (any Twitter user can see it).

Conclusion

Threat intelligence is an ongoing process and requires continuous learning and adaptation to stay ahead of evolving threats. Creating a customized Tweetdeck can go a long way in elevating your threat intelligence gathering process. By efficiently monitoring relevant sources and constantly updating your dashboard with critical information, you can stay ahead of potential threats and better protect your organization from cyber-attacks.
