Sign In Start Free Trial
Account

Add to playlist

Create a Playlist

Modal Close icon
You need to login to use this feature.
  • Book Overview & Buying Operationalizing Threat Intelligence
  • Table Of Contents Toc
Operationalizing Threat Intelligence

Operationalizing Threat Intelligence

By : Kyle Wilhoit, Joseph Opacki
4.6 (14)
close
close
Operationalizing Threat Intelligence

Operationalizing Threat Intelligence

4.6 (14)
By: Kyle Wilhoit, Joseph Opacki

Overview of this book

We’re living in an era where cyber threat intelligence is becoming more important. Cyber threat intelligence routinely informs tactical and strategic decision-making throughout organizational operations. However, finding the right resources on the fundamentals of operationalizing a threat intelligence function can be challenging, and that’s where this book helps. In Operationalizing Threat Intelligence, you’ll explore cyber threat intelligence in five fundamental areas: defining threat intelligence, developing threat intelligence, collecting threat intelligence, enrichment and analysis, and finally production of threat intelligence. You’ll start by finding out what threat intelligence is and where it can be applied. Next, you’ll discover techniques for performing cyber threat intelligence collection and analysis using open source tools. The book also examines commonly used frameworks and policies as well as fundamental operational security concepts. Later, you’ll focus on enriching and analyzing threat intelligence through pivoting and threat hunting. Finally, you’ll examine detailed mechanisms for the production of intelligence. By the end of this book, you’ll be equipped with the right tools and understand what it takes to operationalize your own threat intelligence function, from collection to production.
Table of Contents (18 chapters)
close
close
1
Section 1: What Is Threat Intelligence?
6
Section 2: How to Collect Threat Intelligence
12
Section 3: What to Do with Threat Intelligence

Analysis

The analysis stage of the intelligence life cycle is where any threat activity is analyzed. Once the data has been centralized in a standardized way, the byproduct can be analyzed and curated. For example, the analysis stage includes deduplication, admiralty scoring, pivots, and enrichment to be actionable to departments across the organization, such as the SOC or incident response. During this stage, the bulk of the analysis goes into threat intelligence generation.

To understand the analysis phase of the intelligence life cycle, let's examine an in-depth case study from start to finish using freely available tools. While there are many scenarios where threat intelligence can be used during SOC-identified incidents, this example will focus on only one possible outcome.

For this example, let's act as though the SOC within Ozark International Bank has identified a suspicious file on an endpoint. The file, named $77-Venom.exe, has a SHA256 hash of 5b5e82e79c52452b2d03a4fa83b95bbeec8a4b1afd97edd9999a77d26f548...

CONTINUE READING
83
Tech Concepts
36
Programming languages
73
Tech Tools
Icon Unlimited access to the largest independent learning library in tech of over 8,000 expert-authored tech books and videos.
Icon Innovative learning tools, including AI book assistants, code context explainers, and text-to-speech.
Icon 50+ new titles added per month and exclusive early access to books as they are being written.
Operationalizing Threat Intelligence
notes
bookmark Notes and Bookmarks search Search in title playlist Add to playlist font-size Font size

Change the font size

margin-width Margin width

Change margin width

day-mode Day/Sepia/Night Modes

Change background colour

Close icon Search
Country selected

Close icon Your notes and bookmarks

Confirmation

Modal Close icon
claim successful

Buy this book with your credits?

Modal Close icon
Are you sure you want to buy this book with one of your credits?
Close
YES, BUY

Submit Your Feedback

Modal Close icon
Modal Close icon
Modal Close icon