Cyber Threat Intelligence Glossary

CTI Knowledge Base

Your comprehensive reference for cyber threat intelligence terminology. Explore definitions of malware families, APT groups, attack techniques, and security concepts.

Browse Alphabetically

All A B 1 C 3 D 3 E F G 1 H I 4 J K L 1 M 1 N O 1 P 2 Q R 1 S 2 T 7 U 1 V 1 W 1 X Y 2 Z

Filter: All Categories Attack Techniques (4) Compliance & Standards (2) Defense & Detection (8) General (14) Threats (2) Tools & Frameworks (2)

General 96

The Cyber Kill Chain: Understanding the 7 Steps

Developed by Lockheed Martin, the Cyber Kill Chain was one of the first frameworks to define the stages of a cyber intrusion. It is based on military concepts and remains a vital m...

T Read Definition

General 68

The Diamond Model of Intrusion Analysis

While the Cyber Kill Chain focuses on the stages of an attack, and MITRE ATT&CK focuses on the behaviors, the Diamond Model focuses on the relationships.

T Read Definition

General 88

The Intelligence Cycle: How CTI is Produced

The Intelligence Cycle is the foundational framework used by government agencies and cybersecurity teams to turn raw data into actionable insights. Following this cycle prevents th...

T Read Definition

General 42

Threat Hunting Methodology: The Hypothesis Approach

Threat Hunting is the proactive search for cyber threats that are lurking undetected in a network. Unlike Incident Response, which reacts to an alert, hunting starts with an assump...

T Read Definition

General 106

Threat Intelligence Platforms (TIP): MISP and OpenCTI

A Threat Intelligence Platform (TIP) is a software system used to aggregate, correlate, and analyze threat data from multiple sources. It acts as the "brain" of the CTI operations,...

T Read Definition

Compliance & Standards 83

Threat Modeling: STRIDE and PASTA

Threat Modeling is a proactive process of identifying potential threats to a system, determining the risk they pose, and designing mitigations. Unlike CTI which often focuses on ex...

T Read Definition

General 72

Traffic Light Protocol (TLP 2.0): A Guide to Intelligence Sharing

In the Intelligence Cycle, the Dissemination phase is critical. However, not all intelligence is meant for public consumption. Sharing a sensitive report about a nation-state actor...

T Read Definition

General 93

Understanding the MITRE ATT&CK Framework

MITRE ATT&CK (Adversarial Tactics, Techniques, and Common Knowledge) is a globally accessible knowledge base of adversary tactics and techniques based on real-world observations.

U Read Definition

General 62

Vulnerability Intelligence

Vulnerability Intelligence is the process of analyzing software vulnerabilities not just by their technical severity (CVSS score), but by their likelihood of exploitation and adver...

V Read Definition

General 96

What is Cyber Threat Intelligence (CTI)? A Comprehensive Guide

Move from reactive to proactive security. Learn the definition of Cyber Threat Intelligence (CTI), the three main types of intelligence (Strategic, Operational, Tactical), and why ...

W Read Definition

General 47

YARA Rules 101

Learn how to write YARA rules to detect malware. Understand the syntax

Y Read Definition

Tools & Frameworks 10

YARA Rules: Writing and Deploying Detection Signatures

Learn how to write, test, and deploy YARA rules for malware detection, threat hunting, and automated triage across files, memory, and network streams.

Y Read Definition

CTI Knowledge Base

Browse Alphabetically

Stay Updated