1.7 Flashcards
Collecting and analyzing multiple sources of intelligence data to gain a comprehensive understanding of potential security threats
Intelligence fusion
Real-time data streams containing information about known and emerging security threats, collected from various sources
Threat feeds
Updates and guidance on how to address security threats, provided by security vendors, government agencies, or open-source intelligence
Advisories and bulletins
Adapting the hunt for potential threats and vulnerabilities based on new information
Maneuver
When a vulnerability scanner reports a vulnerability that is not actually present (or not exploitable) on the target
False positives
When a vulnerability is present on the target, but the scanner fails to report it
False negatives
Analyzing logs generated by systems and applications to detect and respond to security incidents
Log reviews
Scanning while logged in to the target with a valid account (credentialed) versus scanning from the outside with no login (non-credentialed); a credentialed scan can see installed packages, patch levels and configuration, so it finds more and produces fewer false positives
Credentialed vs. non-credentialed scans
Scanning that actively attempts to exploit what it finds and may disrupt the target (intrusive) versus scanning that only fingerprints and reports without attempting exploitation (non-intrusive)
Intrusive vs. non-intrusive scans
Scanning applications for vulnerabilities
Application scans
Scanning web applications for vulnerabilities
Web application scans
Scanning networks for vulnerabilities
Network scans
Standards for identifying vulnerabilities (CVE gives each publicly known vulnerability a unique ID) and for scoring their severity so they can be prioritized (CVSS rates exploitability and impact on a 0 to 10 scale)
Common Vulnerabilities and Exposures (CVE)/Common Vulnerability Scoring System (CVSS)
Reviewing the configuration of systems and applications to identify potential vulnerabilities
Configuration review
Syslog is the standard protocol and message format for forwarding log entries from hosts and network devices to a central collector; a SIEM aggregates, normalizes and correlates that security-related data from many sources to detect and respond to security incidents
Syslog/Security information and event management (SIEM)
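The "Log reviews" and "Syslog/SIEM" cards both describe analyzing collected logs to detect incidents. The following Python is an added example, not part of the original flashcards: it parses traditional (RFC 3164) syslog lines, extracts SSH authentication events, and applies a SIEM-style correlation rule (N failed logins from one source within a time window, escalated if a successful login then follows). The log lines are constructed sample data, the year is assumed because RFC 3164 timestamps carry none, and the rule and function names are mine. The threshold and window are the tuning knobs behind the false-positive and false-negative cards above: loosen them and noisy sources get flagged, tighten them and a slow attack slips through.

```python
"""Log review over constructed syslog lines: SSH brute-force correlation.

Added example; sample lines, rule names and helper names are assumptions.
"""
import re
from collections import defaultdict, deque
from datetime import datetime
from typing import Dict, List, Optional

# Constructed sample in RFC 3164 (traditional syslog) layout; not real data.
SAMPLE_LOG = """\
Mar  3 10:00:01 bastion sshd[2101]: Failed password for invalid user admin from 203.0.113.5 port 51000 ssh2
Mar  3 10:00:03 bastion sshd[2102]: Failed password for invalid user admin from 203.0.113.5 port 51001 ssh2
Mar  3 10:00:05 bastion sshd[2103]: Failed password for root from 203.0.113.5 port 51002 ssh2
Mar  3 10:00:06 bastion sshd[2104]: Failed password for root from 203.0.113.5 port 51003 ssh2
Mar  3 10:00:08 bastion sshd[2105]: Failed password for deploy from 203.0.113.5 port 51004 ssh2
Mar  3 10:00:09 bastion sshd[2106]: Accepted password for deploy from 203.0.113.5 port 51005 ssh2
Mar  3 10:00:15 bastion sshd[2107]: Failed password for alice from 198.51.100.7 port 40000 ssh2
Mar  3 10:05:30 bastion sshd[2108]: Failed password for alice from 198.51.100.7 port 40001 ssh2
Mar  3 10:09:00 bastion CRON[2200]: (root) CMD (/usr/bin/run-backups)
"""

ASSUMED_YEAR = 2024  # RFC 3164 timestamps have no year; assumed for the sample

SYSLOG_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) "
    r"(?P<proc>[^\[:]+)(?:\[(?P<pid>\d+)\])?: (?P<msg>.*)$"
)
AUTH_RE = re.compile(
    r"^(?P<result>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<src>\d{1,3}(?:\.\d{1,3}){3}) port \d+"
)


def parse_syslog(line: str) -> Optional[Dict[str, object]]:
    """Split one RFC 3164 line into timestamp, host, process and message."""
    m = SYSLOG_RE.match(line)
    if not m:
        return None
    ts_text = " ".join(m["ts"].split())          # collapse the padded day ("Mar  3")
    ts = datetime.strptime(f"{ASSUMED_YEAR} {ts_text}", "%Y %b %d %H:%M:%S")
    return {"ts": ts, "host": m["host"], "proc": m["proc"], "msg": m["msg"]}


def detect_bruteforce(lines: List[str], threshold: int = 5, window_s: int = 60) -> List[Dict[str, object]]:
    """Sliding-window correlation per source IP.

    Emits 'ssh_bruteforce' once a source reaches `threshold` failures inside
    `window_s` seconds, and 'ssh_success_after_bruteforce' if that source
    later logs in successfully (the event an analyst most wants to see).
    """
    failures: Dict[str, deque] = defaultdict(deque)
    flagged = set()
    alerts: List[Dict[str, object]] = []
    for line in lines:
        ev = parse_syslog(line)
        if not ev or ev["proc"] != "sshd":
            continue                              # not an SSH auth event
        a = AUTH_RE.match(str(ev["msg"]))
        if not a:
            continue
        src, user, ts = a["src"], a["user"], ev["ts"]
        if a["result"] == "Failed":
            q = failures[src]
            q.append(ts)
            while q and (ts - q[0]).total_seconds() > window_s:
                q.popleft()                       # drop failures outside the window
            if len(q) >= threshold and src not in flagged:
                flagged.add(src)
                alerts.append({"rule": "ssh_bruteforce", "src": src, "user": user,
                               "count": len(q), "ts": ts.isoformat()})
        elif src in flagged:
            alerts.append({"rule": "ssh_success_after_bruteforce", "src": src,
                           "user": user, "ts": ts.isoformat()})
    return alerts


def run_sample(threshold: int = 5, window_s: int = 60) -> List[Dict[str, object]]:
    return detect_bruteforce(SAMPLE_LOG.splitlines(), threshold, window_s)


if __name__ == "__main__":
    for alert in run_sample():
        print(alert)
```

With the defaults, 203.0.113.5 trips the rule on its fifth failure and the following "Accepted password" is escalated, while 198.51.100.7 (two failures, five minutes apart) stays quiet. Lowering the threshold to 2 with the same 60 second window still misses 198.51.100.7, because its two failures are outside the window; widening the window to 600 seconds catches it. Whether that second source is a slow brute force or a user mistyping a password twice is exactly the false-positive versus false-negative trade-off the tuning has to make.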