TI and TVM – how important are they?
TVM analyzes vulnerabilities within the organization and the processes for patching them. In the world of SIEM/SOAR, we will speak mainly about CVEs, which refer to vulnerabilities found on our systems and machines and which can be compared with additional information.
TI, or threat intelligence, is information that can point us to potential threats inside our systems. It can contain information about threat actors, tactics and techniques, observations about IP addresses, hosts, URLs, and so on. TI information is collected, processed, and analyzed to help organizations understand what the attackers' next step might be, as well as what their final motive is, if they have one. When we speak about SIEM/SOAR and TI, we are mainly referring to Indicators of Compromise (IoCs), such as IP addresses, file hashes, and URLs. That information is ingested into the system and compared with other available data.
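The ingest-and-compare step described above can be sketched as follows. This is an added example, not code from the original text or from any SIEM product. The feed layout, the event field names (`src_ip`, `dst_ip`, `url`, `file_hash`), and all sample values are constructed assumptions.

```python
import hashlib
import ipaddress
from urllib.parse import urlsplit

# Constructed sample data: RFC 5737 documentation addresses, example.com, and
# a hash of a dummy string. None of these values are real indicators.
SAMPLE_HASH = hashlib.sha256(b"constructed sample").hexdigest()
IOC_FEED = [
    ("ip", "203.0.113.0/24"),
    ("url", "hxxp://bad.example[.]com/login"),   # defanged, as feeds often ship
    ("hash", SAMPLE_HASH.upper()),               # feeds vary in hex case
]
EVENTS = [
    {"id": 1, "dst_ip": "203.0.113.45", "url": "http://intranet.example.org/"},
    {"id": 2, "dst_ip": "192.0.2.10", "url": "HTTP://Bad.Example.com/login"},
    {"id": 3, "dst_ip": "192.0.2.11", "file_hash": SAMPLE_HASH},
    {"id": 4, "dst_ip": "not-an-ip", "url": "http://bad.example.com/loginx"},
]

def norm_url(value):
    # Refang, then lowercase scheme and host; path is kept, port is ignored.
    parts = urlsplit(value.replace("hxxp", "http").replace("[.]", "."))
    return f"{parts.scheme}://{parts.hostname or ''}{parts.path}"

def build_index(feed):
    # One normalized lookup structure per indicator type.
    return {
        "nets": [ipaddress.ip_network(v, strict=False) for k, v in feed if k == "ip"],
        "urls": {norm_url(v) for k, v in feed if k == "url"},
        "hashes": {v.lower() for k, v in feed if k == "hash"},
    }

def match_event(event, index):
    # Return the (field, indicator) pairs of one event that hit the feed.
    hits = []
    for field in ("src_ip", "dst_ip"):
        try:
            addr = ipaddress.ip_address(event.get(field, ""))
        except ValueError:
            continue  # missing or malformed address: nothing to compare
        hits += [(field, str(net)) for net in index["nets"] if addr in net]
    if "url" in event and norm_url(event["url"]) in index["urls"]:
        hits.append(("url", norm_url(event["url"])))
    if event.get("file_hash", "").lower() in index["hashes"]:
        hits.append(("file_hash", event["file_hash"].lower()))
    return hits

def match_events(events, index):
    return {e["id"]: h for e in events if (h := match_event(e, index))}
```

Normalizing both sides before comparing is what makes the match reliable: without it, event 2 (mixed-case URL against a defanged indicator) and event 3 (lowercase hash against an uppercase one) would be missed.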