
Threat Intelligence

Evidence-based knowledge about existing or emerging threats used to inform security decisions and response.

Also called: "cyber threat intelligence", "cti"

Threat intelligence transforms raw data into actionable insights.

Types of intelligence

  • Strategic: High-level trends for executives and the board.
  • Tactical: TTPs (tactics, techniques, procedures) for security teams.
  • Operational: Specific campaigns and threat actor activity.
  • Technical: Indicators of compromise (IOCs) - IPs, domains, hashes.

Intelligence cycle

  1. Requirements: Define what intelligence is needed.
  2. Collection: Gather data from internal/external sources.
  3. Processing: Normalize and enrich raw data.
  4. Analysis: Identify patterns and assess impact.
  5. Dissemination: Share intel with stakeholders.
  6. Feedback: Refine based on effectiveness.

Sources

  • Commercial feeds (Recorded Future, Mandiant).
  • Open-source (MISP, AlienVault OTX).
  • ISACs (Information Sharing and Analysis Centers).
  • Internal telemetry and incident data.