Threat Intelligence
Also called: "cyber threat intelligence", "cti"
Threat intelligence transforms raw data into actionable insights.
Types of intelligence
- Strategic: High-level trends for executives and board.
- Tactical: TTPs (tactics, techniques, procedures) for security teams.
- Operational: Specific campaigns and threat actor activity.
- Technical: Indicators of compromise (IOCs) - IPs, domains, hashes.
Intelligence cycle
- Requirements: Define what intelligence is needed.
- Collection: Gather data from internal/external sources.
- Processing: Normalize and enrich raw data.
- Analysis: Identify patterns and assess impact.
- Dissemination: Share intel with stakeholders.
- Feedback: Refine based on effectiveness.
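The Processing step applied to technical indicators, as an added example that is not part of the original glossary entry: raw values from several sources are refanged, typed, canonicalized and deduplicated, with each indicator tagged by the sources that reported it. The function names, feed names and sample values are assumptions made for illustration.

```python
import ipaddress
import re

HASH_TYPES = {32: "md5", 40: "sha1", 64: "sha256"}  # hex length -> hash type
DOMAIN_RE = re.compile(r"^(?=.{1,253}$)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$")

def refang(value):
    """Undo common defanging so the same indicator always compares equal."""
    v = re.sub(r"\[\.\]|\(\.\)|\[dot\]", ".", value.strip(), flags=re.I)
    v = re.sub(r"^hxxp", "http", v, flags=re.I)
    return v.replace("[:]", ":")

def as_ip(text):
    try:
        return str(ipaddress.ip_address(text))
    except ValueError:
        return None

def classify(raw):
    """Return (type, canonical_value), or None if raw is not a recognised IOC."""
    v = refang(raw)
    if re.fullmatch(r"[0-9a-fA-F]+", v) and len(v) in HASH_TYPES:
        return HASH_TYPES[len(v)], v.lower()
    if as_ip(v):
        return "ip", as_ip(v)
    # URLs are reduced to their host: drop scheme, path, port and trailing dot.
    host = re.sub(r"^[a-z][a-z0-9+.-]*://", "", v.lower())
    host = host.split("/")[0].split(":")[0].rstrip(".")
    if as_ip(host):
        return "ip", as_ip(host)
    return ("domain", host) if DOMAIN_RE.match(host) else None

def process(records):
    """records: (source, raw_value) pairs -> (deduplicated indicators, rejected)."""
    merged, rejected = {}, []
    for source, raw in records:
        ioc = classify(raw)
        if ioc is None:
            rejected.append((source, raw))  # keep unparsed values for analyst review
        else:
            merged.setdefault(ioc, set()).add(source)  # enrich with reporting sources
    indicators = [{"type": t, "value": v, "sources": sorted(merged[(t, v)])}
                  for t, v in sorted(merged)]
    return indicators, rejected

# Constructed sample input (documentation IP range, example.com, MD5 of empty input).
SAMPLE = [("feed-a", "203[.]0[.]113[.]7"), ("internal", "203.0.113.7"),
          ("feed-a", "hxxps://login.example[.]com/reset"),
          ("feed-b", "LOGIN.EXAMPLE.COM."),
          ("feed-b", "D41D8CD98F00B204E9800998ECF8427E"),
          ("feed-a", "not an indicator")]
```

Calling `process(SAMPLE)` collapses the six raw records into three indicators and one rejected value; an indicator seen by more than one source is a natural input to the Analysis step.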
Sources
- Commercial feeds (Recorded Future, Mandiant).
- Open-source (MISP, AlienVault OTX).
- ISACs (Information Sharing and Analysis Centers).
- Internal telemetry and incident data.
Explore More Threat Intelligence
- IP Reputation: A trustworthiness score assigned to IP addresses based on observed behavior, used to identify malicious traffic.
- Malware: Malicious software designed to damage, disrupt, or gain unauthorized access to computer systems and data.
- Phishing: A social engineering attack that uses fraudulent communications to trick recipients into revealing sensitive information or installing malware.
- URL/Domain Defanging: A technique to render URLs and IPs non-clickable by replacing characters, preventing accidental access to malicious sites.