RainForest Co., Ltd. (Headquarters: Suginami-ku, Tokyo; Representative Director: Akichiro Okada; hereinafter 'RainForest') is pleased to announce that its domestically developed cyber threat intelligence service, 'Senda-Nexus,' has won the Special Jury Award in the Security (Threat Intelligence) category of the 'Interop Tokyo 2026 Best of Show Award.'
Senda-Nexus is a threat intelligence service that analyzes the risks and behaviors of IP addresses based on actual attack activities observed through Darknet and honeypots independently built and operated by RainForest, rather than relying solely on external blacklist information. It supports decision-making for SOCs and CSIRTs by not only identifying whether an IP address is malicious but also revealing 'what that IP is actually doing.'
Additionally, RainForest has released 'opencti-osint-stack' on GitHub, an environment that enables step-by-step integration of the open-source threat intelligence platform 'OpenCTI' with public OSINT and Senda-Nexus threat data.
https://github.com/rainforest-tokyo/opencti-osint-stack
This environment allows users to first verify threat data collection, integration, correlation, and visualization using public OSINT. By further integrating Senda-Nexus, users can view on OpenCTI RainForest's proprietary observation data from Darknet and honeypots, recent attack sessions, attack commands, risk assessments, and MITRE ATT&CK-related information, enabling informed decisions on monitoring, investigation, and blocking.
About the Interop Tokyo 2026 Award
The 'Interop Tokyo Best of Show Award' is an award where a jury composed of experts from media organizations and academia evaluates products and services entered by exhibiting companies. Finalists are selected through preliminary reviews, and winners are determined after final judging during the event.
Senda-Nexus combines RainForest's proprietary cyber-attack observation environment with AI analysis to transform observed data on source IP addresses into actionable threat intelligence for SOC and CSIRT response decisions.
In addition to identifying whether an IP address is malicious, Senda-Nexus provides the following information:
- Observation status in Darknet and honeypots - Targeted ports and services - Observed attack commands and exploit paths - Inferred attacker roles and objectives - Risk scores, severity, and confidence levels - Recommended actions such as monitor, investigate, and block - Correlation with MITRE ATT&CK tactics and techniques
RainForest will continue to enhance its threat intelligence based on real attack observations and further promote practical applications within SOCs and CSIRTs, motivated by this award.
OpenCTI Environment for Gradual Integration of Public OSINT and Proprietary Observation Data
RainForest has released 'opencti-osint-stack' on GitHub, enabling users to build OpenCTI with multiple OSINT connectors using Docker Compose.
OpenCTI is an open-source platform designed to structure, store, organize, and visualize technical and non-technical information related to cyber threats.
With this released environment, public OSINT can be ingested into OpenCTI, allowing centralized management of information such as IP addresses, vulnerabilities, malware, and attack infrastructure.
The public repository includes not only OpenCTI itself but also OSINT connectors available for free or within free usage tiers, along with optional configuration files for integrating Senda-Nexus.
Users can start with a verification environment centered on public OSINT and later add RainForest's proprietary observation data and attack session analysis as needed.
Two-Stage Usage Configuration
1. Free OSINT Configuration
Even without a Senda-Nexus subscription, users can begin building and verifying a threat intelligence foundation by combining OSINT services available for free or within free usage tiers.
Main use cases include:
- Collection and centralized management of multiple OSINT sources - Correlation of IP addresses and vulnerability information - Management of observables and indicators - Structuring threat data based on STIX - Learning, verification, and PoC of threat intelligence operations - Prototyping investigation environments for SOC and CSIRT
Instead of checking individual OSINT services separately, users can consolidate and view information around the same IP address or threat entity within OpenCTI.
2. Senda-Nexus Integration Configuration
By integrating Senda-Nexus, users can access not only external evaluations from free OSINT but also attack activity data observed by RainForest.
Key additional information includes:
- Observation data from Darknet and honeypots - Attack trends over a recent period - Recent attack sessions - Destination ports, protocols, and attack commands - Risk tags such as Web Exploit or Shell Access - Targeted products and frameworks - Mapping to MITRE ATT&CK tactics and techniques - Decision-support information such as monitor, investigate, and block
This enables users to verify not only whether an IP is flagged as malicious in external OSINT but also what specific activities it is conducting, supporting more informed response decisions.
Structuring Observation Logs as Attack Techniques
Senda-Nexus's Enrichment Live feature allows users to view individual attack sessions observed for a target IP.
In this sample, attack traffic via HTTP, commands using BusyBox or Unix Shell, and exploit paths targeting web applications have been extracted.
Furthermore, the observed results are mapped to the following MITRE ATT&CK techniques:
- T1059.004 Unix Shell - T1059.008 Network Device CLI - T1190 Exploit Public-Facing Application
This enables not just storing observation logs but also organizing insights into the techniques attackers use and their intended targets.
Background of the Release
Threat intelligence operations require collecting data from multiple sources, standardizing formats and notations, and verifying relationships between data points.
However, some organizations find it difficult to introduce commercial services or large-scale platforms from the outset.
RainForest believes there is a need for an environment where organizations can first build a data collection and analysis environment using free OSINT on OpenCTI to practically test threat intelligence operations.
For those requiring more detailed attack activity verification, integrating Senda-Nexus enables advanced analysis leveraging actual observation data.
FACT BOX
- Source: PR TIMES
- Category: 受賞
- Dates in source: Interop Tokyo 2026
- Products / services: Senda-Nexus / opencti-osint-stack