Threat intelligence is the discipline of turning raw data about adversaries (observed indicators, malware, campaigns, actor behaviour) into analysis that defenders can act on, whether that is a blocklist entry, a detection rule, or a budget decision.
Types of intelligence
- Strategic: High-level trends and risk for executives and the board (which actors target the sector, what the likely impact is).
- Tactical: TTPs (tactics, techniques, procedures) for security teams, typically mapped to a framework such as MITRE ATT&CK; used to build detections and hunting hypotheses.
- Operational: Specific campaigns and threat actor activity, including timing, targeting and infrastructure, for incident responders and hunters.
- Technical: Indicators of compromise (IOCs) - IPs, domains, hashes. Cheapest to consume and to automate, but also the shortest-lived: attackers rotate infrastructure and rebuild binaries far more easily than they change TTPs, so feed-driven IOC matching needs expiry and confidence handling rather than indefinite blocklists.
Intelligence cycle
- Requirements: Define what intelligence is needed.
- Collection: Gather data from internal/external sources.
- Processing: Normalize raw data (refang defanged values, canonicalize case and formats, reject malformed entries) and enrich it with context such as source, confidence and corroboration across feeds.
- Analysis: Identify patterns and assess impact.
- Dissemination: Share intel with stakeholders.
- Feedback: Refine based on effectiveness.
Sources
- Commercial feeds and vendor reporting (Recorded Future, Mandiant).
- Open-source feeds and sharing platforms (AlienVault OTX; MISP, which is a platform and community for exchanging indicators rather than a feed in itself).
- ISACs (Information Sharing and Analysis Centers).
- Internal telemetry and incident data.
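The processing and analysis stages of the cycle above, applied to the last two source types (an external indicator feed and internal telemetry), as an added worked example that is not part of the original page. The feed lines and proxy log lines are constructed for illustration, the source names `otx-example` and `vendor-x` are placeholders, and the CSV shape is an assumption standing in for whatever a real feed exports. The script refangs and canonicalizes each indicator, drops malformed ones, merges duplicates across sources while keeping the highest confidence and every corroborating source, and then matches the `dst=` and `host=` fields of the log lines against the result:

```python
import ipaddress
import re

# Constructed sample feed (not a real feed). Values are deliberately messy:
# defanged, mixed case, padded with whitespace, one trailing dot, one invalid IP.
SAMPLE_FEED = """\
# type,value,source,confidence
ipv4,198.51.100[.]23,otx-example,70
domain,Evil-Example[.]COM,otx-example,60
sha256,  E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855 ,vendor-x,90
domain,evil-example.com.,vendor-x,80
ipv4,999.1.1.1,otx-example,50
md5,d41d8cd98f00b204e9800998ecf8427e,vendor-x,40
"""

# Constructed internal proxy telemetry (not real logs).
SAMPLE_LOGS = [
    "2024-05-01T10:00:01Z src=10.0.0.5 dst=198.51.100.23 host=evil-example.com action=allow",
    "2024-05-01T10:00:02Z src=10.0.0.9 dst=93.184.216.34 host=example.com action=allow",
    "2024-05-01T10:00:03Z src=10.0.0.5 dst=203.0.113.9 host=EVIL-EXAMPLE.COM. action=allow",
]

HASH_LENGTHS = {"md5": 32, "sha1": 40, "sha256": 64}
DOMAIN_RE = re.compile(r"^(?=.{1,253}$)[a-z0-9-]+(\.[a-z0-9-]+)+$")
KV_RE = re.compile(r"(\w+)=(\S+)")


def refang(value):
    """Undo common defanging: 'hxxp://evil[.]com' -> 'http://evil.com'."""
    return (value.strip()
            .replace("[.]", ".").replace("(.)", ".")
            .replace("hxxps://", "https://").replace("hxxp://", "http://"))


def normalize(ioc_type, value):
    """Return the canonical form of an indicator, or None if it is malformed."""
    value = refang(value)
    if ioc_type == "ipv4":
        try:
            return str(ipaddress.IPv4Address(value))
        except ipaddress.AddressValueError:
            return None
    if ioc_type == "domain":
        value = value.lower().rstrip(".")
        return value if DOMAIN_RE.match(value) else None
    if ioc_type in HASH_LENGTHS:
        value = value.lower()
        hex_ok = all(c in "0123456789abcdef" for c in value)
        return value if hex_ok and len(value) == HASH_LENGTHS[ioc_type] else None
    return None


def parse_feed(text):
    """Processing: parse CSV-style lines, skip comments, reject malformed indicators."""
    records = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        ioc_type, value, source, confidence = [f.strip() for f in line.split(",", 3)]
        canonical = normalize(ioc_type, value)
        if canonical is None:
            continue  # a bad entry is dropped rather than allowed to poison matching
        records.append({"type": ioc_type, "value": canonical,
                        "source": source, "confidence": int(confidence)})
    return records


def merge_indicators(records):
    """Enrichment: dedupe on (type, value); keep every source and the highest confidence."""
    merged = {}
    for r in records:
        entry = merged.setdefault((r["type"], r["value"]), {"sources": set(), "confidence": 0})
        entry["sources"].add(r["source"])
        entry["confidence"] = max(entry["confidence"], r["confidence"])
    return merged


def match_logs(indicators, log_lines):
    """Analysis: compare the dst= and host= fields of each log line with the indicator set."""
    hits = []
    for line in log_lines:
        fields = dict(KV_RE.findall(line))
        for field, ioc_type in (("dst", "ipv4"), ("host", "domain")):
            if field not in fields:
                continue
            canonical = normalize(ioc_type, fields[field])  # same canonical form as the feed
            entry = indicators.get((ioc_type, canonical))
            if entry:
                hits.append({"line": line, "type": ioc_type, "value": canonical,
                             "sources": sorted(entry["sources"]),
                             "confidence": entry["confidence"]})
    return hits


def run_pipeline(feed_text=SAMPLE_FEED, log_lines=SAMPLE_LOGS):
    indicators = merge_indicators(parse_feed(feed_text))
    return indicators, match_logs(indicators, log_lines)


if __name__ == "__main__":
    indicators, hits = run_pipeline()
    print(f"{len(indicators)} usable indicators after normalization and merge")
    for h in hits:
        print(f"HIT {h['type']}={h['value']} conf={h['confidence']} sources={h['sources']}")
        print(f"    {h['line']}")
```

Running it yields four usable indicators (the `999.1.1.1` entry is rejected) and three hits: the first log line matches on both the destination IP and the hostname, the third matches on the hostname despite its upper case and trailing dot. The domain indicator that both placeholder sources reported carries both source names, which is the corroboration signal an analyst would use when deciding whether a hit deserves a block or only a ticket.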