From the course: Complete Guide to Open Source Security

Exchanging threat intelligence

- [Instructor] Cyber threat intelligence is an important source of information for a security operations center. It can be provided as an automated operational data feed into detection systems such as firewalls and IDS, and it can come in the form of strategic reports on adversaries, their campaigns, and the techniques and malware tools they use. The MITRE ATT&CK site is one of the main information sources which we can browse for threat intelligence, and we've seen tools like Wazuh referring to it in their detection reporting. With cyber attacks occurring both at speed and at scale, threat intelligence is at its most useful as soon as it's created. By acting on threat intelligence at the earliest possible time, we have the maximum chance of preventing an attack rather than having to recover from one. For this reason, national authorities, typically the central computer emergency response teams, have encouraged the use of information sharing. This has resulted in the development of a…
