McHughSecurity

What is Cyber Threat Intelligence?

Posted on September 5, 2020 By A.McHugh

Intelligence is the enrichment of data or information, its classification and publication by experts within a field. The resultant output is ordinarily a qualitative assessment backed by quantitative metrics, or absolutes which formed part of the data or information it was derived from.

In terms of Cyber Threat Intelligence, this goes beyond the extraction of IOCs and strings and the generation of cryptographic and fuzzy hashes. It is the correlation of events, actors, methods, and motives to generate Threat Intelligence, which aims to describe the objectives, motives, capability and perhaps the identity of a threat actor.

The relationship between data, information and intelligence is largely hierarchical. Data exists in very large quantities and can generally be found everywhere, but not a lot of it is actually useful.

Information is generally a collection of data, but it contains meaningful data and states facts in terms of the who, what, when and how of an action.

Intelligence is the interpretation of the information, aimed at providing in-depth understanding and knowledge of the subject matter. This understanding and knowledge is used to support decision making and response actions.

Generally, as data becomes information, and information becomes intelligence, the volume of material which constitutes each layer becomes smaller and smaller, yet the value of the content increases.
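The narrowing from data to information to intelligence can be seen on a small scale in the following added example, which is not from the original post. The log lines are constructed, the function names and the "how" label are hypothetical, and the assessment rule is a deliberately simple assumption.

```python
import re
from collections import defaultdict

# Constructed sample data: six raw log lines, documentation-range addresses.
RAW_DATA = """\
2020-09-01T02:14:07Z sshd[811]: Failed password for root from 203.0.113.7 port 50122 ssh2
2020-09-01T02:14:09Z sshd[811]: Failed password for admin from 203.0.113.7 port 50124 ssh2
2020-09-01T02:15:30Z cron[402]: (root) CMD (run-parts /etc/cron.hourly)
2020-09-01T02:16:44Z sshd[811]: Accepted password for admin from 203.0.113.7 port 50130 ssh2
2020-09-01T03:01:12Z sshd[902]: Failed password for backup from 198.51.100.23 port 41822 ssh2
2020-09-01T03:05:00Z systemd[1]: Started Daily apt download activities.
""".splitlines()

EVENT = re.compile(
    r"^(?P<when>\S+) sshd\[\d+\]: (?P<what>Failed|Accepted) password "
    r"for (?P<account>\S+) from (?P<who>\S+) port \d+ ssh2$"
)

def to_information(data):
    """Data -> information: keep only lines stating who, what, when and how."""
    facts = []
    for line in data:
        m = EVENT.match(line)
        if m:
            facts.append({**m.groupdict(), "how": "ssh password login"})
    return facts

def to_intelligence(facts):
    """Information -> intelligence: correlate facts per source and assess them."""
    by_source = defaultdict(list)
    for fact in facts:
        by_source[fact["who"]].append(fact)
    assessments = []
    for source, events in sorted(by_source.items()):
        events.sort(key=lambda e: e["when"])  # ISO-8601 UTC sorts as text
        failed, breached = 0, None
        for e in events:
            if e["what"] == "Failed":
                failed += 1
            elif failed and breached is None:
                breached = e["account"]  # a success that follows failures
        verdict = ("password guessing followed by a successful login"
                   if breached else "password guessing, no success observed"
                   if failed else "normal login")
        assessments.append({"source": source, "failed": failed,
                            "breached_account": breached, "assessment": verdict})
    return assessments

if __name__ == "__main__":
    print(to_intelligence(to_information(RAW_DATA)))
```

Six lines of data become four facts and then two assessments, each a qualitative statement backed by a count of the events it was derived from.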

This is generally where governments and organisations begin classifying their data, information and intelligence. Classification protects the enriched content and the investment made in the enrichment process, and it also protects the decision-making rationale which was influenced by that intelligence.

In terms of Cyber Threat Intelligence, this process is aimed at converting unknown threats into known threats, and identifying potential solutions and mitigation techniques for those now-known threats.
