IOCs vs. TTPs: The Pyramid of Pain Explained
A mature CTI program moves beyond blocking IPs (Tactical) and focuses on hunting TTPs (Operational).
Your comprehensive reference for cyber threat intelligence terminology. Explore definitions of malware families, APT groups, attack techniques, and security concepts.
Open Source Intelligence (OSINT) is the practice of collecting data from publicly available sources to be analyzed and used for intelligence purposes. In the context of Cyber Threa...
How to analyze a phishing email. Learn to inspect email headers, analyze malicious attachments, and safely handle suspicious URLs.
In the early days of CTI, analysts shared Indicators of Compromise (IOCs) via PDFs and spreadsheets. This manual process is too slow for modern defense. By the time an analyst manu...
Developed by Lockheed Martin, the Cyber Kill Chain was one of the first frameworks to define the stages of a cyber intrusion. It is based on military concepts and remains a vital m...
While the Cyber Kill Chain focuses on the stages of an attack, and MITRE ATT&CK focuses on the behaviors, the Diamond Model focuses on the relationships.
The Intelligence Cycle is the foundational framework used by government agencies and cybersecurity teams to turn raw data into actionable insights. Following this cycle prevents th...
Threat Hunting is the proactive search for cyber threats that are lurking undetected in a network. Unlike Incident Response, which reacts to an alert, hunting starts with an assump...
A Threat Intelligence Platform (TIP) is a software system used to aggregate, correlate, and analyze threat data from multiple sources. It acts as the "brain" of the CTI operations,...
In the Intelligence Cycle, the Dissemination phase is critical. However, not all intelligence is meant for public consumption. Sharing a sensitive report about a nation-state actor...
MITRE ATT&CK (Adversarial Tactics, Techniques, and Common Knowledge) is a globally accessible knowledge base of adversary tactics and techniques based on real-world observations.
Vulnerability Intelligence is the process of analyzing software vulnerabilities not just by their technical severity (CVSS score), but by their likelihood of exploitation and adver...
Move from reactive to proactive security. Learn the definition of Cyber Threat Intelligence (CTI), the three main types of intelligence (Strategic, Operational, Tactical), and why ...