Threat Intelligence

Evidence-based knowledge about existing or emerging cyber threats, including indicators, tactics, and context, used to inform security decisions.

Also known as: Cyber Threat Intelligence, CTI

What is Threat Intelligence?

Threat intelligence is evidence-based knowledge about cyber threats that helps organizations understand risks and make informed security decisions. It includes information about threat actors, their motivations, capabilities, and indicators of compromise.

Intelligence Types

Strategic

  • High-level trends
  • Threat landscape
  • Business risk
  • Board-level reporting

Tactical

  • TTPs (Tactics, Techniques, Procedures)
  • Attacker methodologies
  • Defense planning

Operational

  • Specific campaigns
  • Attack details
  • Incident response

Technical

  • IOCs (Indicators of Compromise)
  • IP addresses, hashes
  • Machine-readable

Intelligence Sources

Open Source (OSINT)

  • Public reports
  • Blogs, forums
  • Social media

Commercial Feeds

  • Vendor intelligence
  • Premium content
  • Curated data

Government

  • ISACs
  • CISA alerts
  • FBI notifications

Internal

  • Incident data
  • Log analysis
  • Hunting findings

Intelligence Cycle

  1. Planning
     • Define requirements
     • Prioritize needs
  2. Collection
     • Gather data
     • Multiple sources
  3. Processing
     • Normalize data
     • Correlate information
  4. Analysis
     • Assess relevance
     • Draw conclusions
  5. Dissemination
     • Share findings
     • Actionable format
  6. Feedback
     • Evaluate effectiveness
     • Improve process
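The following is an added example, not part of the original glossary entry, showing the Collection, Processing, Analysis and Dissemination steps of the cycle applied to technical intelligence (the IOC type listed above). It pulls indicators from three constructed feeds in different formats (an OSINT CSV, a commercial JSON feed, internal hunting findings), normalizes them into one canonical form (defanged brackets removed, hashes lower-cased), correlates duplicates across sources, and then matches the result against constructed proxy and EDR log lines. The feed formats, the confidence heuristic (more independent sources reporting the same indicator means higher confidence) and all indicator values are assumptions made for illustration, not real threat data.

```python
"""Normalize, correlate and match technical threat intelligence (IOCs).

Added example: feeds, log lines and indicator values are all constructed.
"""
import ipaddress
import json
import re
from collections import defaultdict

HEX = re.compile(r"^[0-9a-f]+$")
DOMAIN = re.compile(r"^(?=.{1,253}$)(?!-)[a-z0-9-]+(\.[a-z0-9-]+)+$")


def classify(raw):
    """Return (ioc_type, canonical_value), or None if the value is unusable.

    Canonical form is stripped, lower-cased and re-fanged ("198.51.100[.]7"
    becomes "198.51.100.7") so the same indicator from different feeds
    collapses onto one key.
    """
    value = raw.strip().lower().replace("[.]", ".")
    if not value:
        return None
    try:
        ipaddress.ip_address(value)
        return ("ipv4" if "." in value else "ipv6", value)
    except ValueError:
        pass
    if HEX.match(value):
        hash_type = {32: "md5", 40: "sha1", 64: "sha256"}.get(len(value))
        return (hash_type, value) if hash_type else None
    if DOMAIN.match(value):
        return ("domain", value)
    return None


# Constructed sample feeds, one per source type from the list above.
OSINT_CSV = """value,type
198.51.100[.]7,ip
Bad-Updates.Example,domain
0123456789ABCDEF0123456789abcdef0123456789abcdef0123456789abcdef,sha256
"""
COMMERCIAL_JSON = json.dumps([
    {"indicator": "198.51.100.7", "type": "ipv4-addr"},
    {"indicator": "bad-updates.example", "type": "domain-name"},
    {"indicator": "203.0.113.42", "type": "ipv4-addr"},
])
INTERNAL_FINDINGS = ["bad-updates.example", "not an indicator", "203.0.113.42"]


def parse_feeds():
    """Collection: pull (source, raw value) pairs out of each feed's native format."""
    raw = [("osint", line.split(",")[0]) for line in OSINT_CSV.splitlines()[1:]]
    raw += [("commercial", item["indicator"]) for item in json.loads(COMMERCIAL_JSON)]
    raw += [("internal", value) for value in INTERNAL_FINDINGS]
    return raw


def correlate(raw_records):
    """Processing and analysis: normalize, deduplicate, score by source agreement."""
    iocs = defaultdict(lambda: {"type": None, "sources": set()})
    for source, value in raw_records:
        parsed = classify(value)
        if parsed is None:
            continue  # unusable input is dropped, never guessed at
        ioc_type, canonical = parsed
        iocs[canonical]["type"] = ioc_type
        iocs[canonical]["sources"].add(source)
    # Assumed heuristic: 40 points per independent source, capped at 100.
    return {
        value: {"type": rec["type"], "sources": sorted(rec["sources"]),
                "confidence": min(100, 40 * len(rec["sources"]))}
        for value, rec in iocs.items()
    }


TOKEN = re.compile(r"[A-Za-z0-9.\-\[\]]+")

# Constructed proxy and EDR log lines; 10.0.0.0/8 hosts are the internal side.
SAMPLE_LOGS = [
    "2024-01-05T10:00:01Z proxy src=10.0.0.15 dst=198.51.100.7 host=bad-updates.example GET /update.exe",
    "2024-01-05T10:00:02Z proxy src=10.0.0.16 dst=192.0.2.10 host=intranet.example GET /",
    "2024-01-05T10:00:03Z edr host=ws-07 file=setup.exe sha256=0123456789ABCDEF0123456789abcdef0123456789abcdef0123456789abcdef",
]


def match_logs(iocs, log_lines):
    """Dissemination in machine-readable form: which log line hit which IOC."""
    hits = []
    for lineno, line in enumerate(log_lines, 1):
        for token in TOKEN.findall(line):
            parsed = classify(token)
            if parsed and parsed[1] in iocs:
                rec = iocs[parsed[1]]
                hits.append({"line": lineno, "indicator": parsed[1],
                             "type": rec["type"], "confidence": rec["confidence"]})
    return hits


def run():
    """Run the whole cycle over the constructed data and return (iocs, hits)."""
    iocs = correlate(parse_feeds())
    return iocs, match_logs(iocs, SAMPLE_LOGS)


if __name__ == "__main__":
    iocs, hits = run()
    print(json.dumps(iocs, indent=2))
    print(json.dumps(hits, indent=2))
```

The point the example makes is that the Processing step is where most of the value is created: without normalization, the defanged OSINT entry, the commercial feed's plain entry and the mixed-case hash in the EDR log would all be treated as different things, and the cross-source agreement that drives the confidence score would be invisible. The Feedback step would then compare these hits against confirmed incidents to decide which sources actually earned their confidence weight.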