Skip to main content
Home/Glossary/Threat Intelligence

Threat Intelligence

Evidence-based knowledge about existing or emerging threats used to inform security decisions and response.

Threat IntelligenceAlso called: "cyber threat intelligence", "cti"

Threat intelligence transforms raw data into actionable insights.

Types of intelligence

  • Strategic: High-level trends for executives and board.
  • Tactical: TTPs (tactics, techniques, procedures) for security teams.
  • Operational: Specific campaigns and threat actor activity.
  • Technical: Indicators of compromise (IOCs) - IPs, domains, hashes.

Intelligence cycle

  1. Requirements: Define what intelligence is needed.
  2. Collection: Gather data from internal/external sources.
  3. Processing: Normalize and enrich raw data.
  4. Analysis: Identify patterns and assess impact.
  5. Dissemination: Share intel with stakeholders.
  6. Feedback: Refine based on effectiveness.

Sources

  • Commercial feeds (Recorded Future, Mandiant).
  • Open-source (MISP, AlienVault OTX).
  • ISACs (Information Sharing and Analysis Centers).
  • Internal telemetry and incident data.

Related Tools

Related Articles

View all articles
📄

Grok vs Regex: What's the Difference and When to Use Each

Grok vs regex isn't a fight. Grok IS regex with a reusable naming layer for log parsing. Here is when to reach for each and how to convert between them.

Read article →
📄

How to Fix _grokparsefailure: Debugging Grok Patterns Step by Step

_grokparsefailure tells you a grok pattern failed but not why. Here are the 7 most common causes and a step-by-step method to pinpoint and fix each one.

Read article →
📄

Grok Pattern Examples for Common Log Formats (Nginx, Apache, Syslog, and More)

Copy-paste grok patterns for Nginx, Apache, syslog, Java, AWS ELB, HAProxy, Postgres, IIS, Docker and more — every one tested against a real sample log.

Read article →
📄

Train a Neural Network in Your Browser (No Code Required)

Learn how neural networks actually work by training one yourself — right in your browser. No Python, no installs, no math degree. Watch backpropagation and gradient descent happen live, then quiz your trained model.

Read article →

Explore More Threat Intelligence

View all terms

Advanced Persistent Threat (APT)

A sophisticated, long-term cyberattack where an intruder gains unauthorized access and remains undetected for an extended period to steal data or cause damage.

Read more →

Credential Stuffing

An automated attack that uses stolen username/password pairs from data breaches to gain unauthorized access to user accounts on other services.

Read more →

IP Reputation

A trustworthiness score (0-100) assigned to IP addresses based on observed malicious behavior, spam activity, and threat intelligence data.

Read more →

Keylogger

Malicious software or hardware that secretly records keystrokes to capture passwords, credit card numbers, and other sensitive information typed by users.

Read more →

Malware

Malicious software designed to damage, disrupt, or gain unauthorized access to computer systems and data.

Read more →

Phishing

A social engineering attack that uses fraudulent communications to trick recipients into revealing sensitive information or installing malware.

Read more →
Back to glossary