Activity background

According to the Gartner Definition , Threat Intelligence refers to the threat and danger of emerging or new assets 、 Evidence based information , Including scenarios 、 Mechanism 、 indicators 、 Impact and feasible suggestions , It can be used to inform enterprises to make decisions against relevant threats or dangers .

From the collection of intelligence 、 Handle 、 analysis 、 Pass on , To feedback strategies , Every link needs a lot of knowledge mapping and powerful technology “ backing ” brace .

As a deep cultivation of network security 20 Tencent security for more than years , Combined with many years of experience in the production of black ash , Has formed a strong ability of data processing and automatic analysis , At present, it has helped hundreds of enterprises in many industries to respond quickly 、 Against different levels of cyber risk , Establish network security threat information （ Hereinafter referred to as “ Threat information ”） Response system .

The purpose of the activity is

The cyber security threat information sharing program is TSRC Help Tencent security （ hereinafter referred to as “ The organizers ”） Emergency response information sharing activities in the security industry （ The following will also be “ Network security threat information sharing program ” Referred to as “ Activities ”）, In order to realize the co construction and sharing of security defense , Respond quickly to major security threats .

One 、 Membership of access activities

1、 Internal safety practitioners of enterprises

2、 Enterprise external security service personnel

Two 、 Membership interests

Members admitted to the event , Such as activity members （“ you ”） Get access and participate in activities , The following benefits can be obtained during the activity period ：

1、 Threat information ;

2、 You can apply for the ability of asset exposure surface detection and vulnerability detection ;

3、 Activity period , You can get access to the advanced threat traceability system （ among , Enterprise internal safety practitioners can query the highest daily 200 Time , Enterprise external security service personnel can query up to 10 Time ）;

4、 You can get threat information shared by other event members and reviewed by the organizer （ You can view the relevant threat information through the online document of the activity , Including during the event , The attacker identified by the sponsor ip、webshell/ sample 、 The attacker's anti company ip And domain names, etc ）.

3、 ... and 、 Activity time

The time of the activity is 2021 year 3 month 22 It's zero o'clock 2021 year 5 month 10 Zero hour of the day .

Four 、 Reward rules

Activity period , Members of the event can obtain points by providing threat information in accordance with the points calculation rules to the organizer , At the end of the activity, prizes will be offered according to the ranking of the members . The specific rewards and rules are as follows ：

1、 Integral Statistics

By Tencent security advanced threat traceability system operation statistics , Every morning 10 Click to publish the current score and ranking of the members of the activity .

2、 Integral calculation rules

Points are only calculated for the active members who submit threat information for the first time , And the submitted threat information is actually used during the activity .

The calculation rules of different types of threat information are ：

• Effectively submit an attacker identified by the sponsor's logo ip product 1 branch , Submit to the attacker ip The heat level should be submitted at the same time 、 The alarm information 、 Evidence of attack ;
• Effectively submit a webshell/ Sample product 10 branch , Submit webshell/ Samples should be submitted with evidence ;
• Effectively submit an attacker's anti company confirmed by the host's logo ip Or domain product 50 branch , Submit the attacker's anti company ip Or domain name .

notes ： The above types of threat information should be analyzed by the sponsor analysts , The analysis results show that the threat information you submitted belongs to this type, which is considered as effective submission .

3、 Integral action

1） Get the prize according to the final ranking of points   

After the event , According to the result of the points, the organizer will give the points to ≥100 Points and top 10 The corresponding prizes are as follows ：

In addition to the top 10 Outside the event members , The organizer will give more points than 50 Sub members of the event issued Tencent security perimeter （ Tencent security doll ） One copy , The number of awards is limited to 200 Share .

notes ：

If the integral is the same , It will be sorted again according to the number of effective threat information submitted by active members .

The final ranking of points will be announced and the prize will be distributed at 2021 year 5 month 18 solstice 2021 year 5 month 25 Japan , During this period, the organizer will mail （ Free mail only in mainland China ） Prize , The specific time when you receive the prize is subject to the logistics transportation time .

The organizer will check the prizes before sending them , Guarantee that there is no damage to the prize , In case of damage during delivery , Please contact the logistics company to discuss the compensation , The organizers will provide the necessary assistance .

2） As the integral increases , Can automatically increase the number of advanced threat traceability system usage

Activity period , The integral per product of the active members 50 branch , The number of daily queries of the member's advanced threat tracking system account will automatically increase 10 Time , Background automatic upgrade permissions .

5、 ... and 、 Obligations and rules of members

1、 All event members are required to agree and comply with 《 Threat information sharing program activity member rules 》（ See Appendix for details ） All the rules of , If there is any violation of law or regulations or violation of 《 Threat information sharing program activity member rules 》 act , The organizer has the right to cancel the participation qualification of the members of the event immediately and dismiss them . After retirement , Members of the event will no longer be entitled to membership , No right to participate in bonus points .

2、 In order to ensure the normal development of the activity , During the event, each member of the event should actively submit threat information , For example, more than 5 Japan did not submit threat information , The organizer has the right to disqualify the members of the event and dismiss them . After retirement , Members of the event will no longer be entitled to membership , No right to participate in bonus points .

6、 ... and 、 Activity participation mode

Email application

Use enterprise email , Fill in the following information ：

To the organizer's administrator email , The title of the email is 【 Apply to join the threat information sharing program 】

Add wechat after approved by the organizer administrator , After confirming the information, pull into the activity group .

The applicant should guarantee that all the information submitted is true 、 legal 、 Valid personal information .

Administrator mailbox ： [email protected]

appendix ： Threat information sharing program activity member rules

This rule is for all threat information sharing program activities （ hereinafter referred to as “ Activities ”） Rules to be followed by all members , You join the event group 、 Any participation such as submitting threat information is deemed that you have read and agreed to this rule . If you have anything in violation of this rule , Tencent will have the right to unilaterally disqualify you from participating in the event 、 Awarding qualification, etc , If you have any violations , You have to bear all the legal responsibilities by yourself .

One 、 specific requirement

1、 The members of the activity should meet the requirements of the activity ;

2、 Not to publish 、 Submit 、 Dissemination of illegal or improper information , No improper content such as virus links shall be published in the active group ;

3、 Not to submit 、 Use 、 Publish or disseminate threat information without the consent of the obligee ;

4、 It is not allowed to submit or publish the target of attack and specific system vulnerabilities ;

5、 Do not publish others or products 、 Specific vulnerability risks of services ;

6、 It is not allowed to publish malicious sample files in the active group ;

7、 Do not obtain threat information through illegal means or publish threat information from illegal sources ;

8、 Do not release threat information or any information in the activity group to any person other than the organizer without authorization ;

9、 There must be no violation of laws and regulations 、 Rules and regulations 、 Regulatory policies and other violations of good faith 、 Public order and good custom 、 fair 、 Justice and other principles ;

10、 Without the written consent of the organizer , It is not allowed to disclose any information obtained from this activity to others without authorization ;

11、 Without the written consent of the organizer , No speech shall be made in the name of any member of the event or in the name of the event 、 Do anything .

Two 、 This rule is valid for

From the day you become a member of the event , These rules are legally binding on you .

You understand and agree that , Even if this activity ends , You shall still keep confidential any information you learn from participating in this activity , It shall not be provided to others or made public without the consent of the organizer .

—— Tencent security