(4) Proprietary Intelligence and/Accessing Threat Intelligence Flashcards

1
Q

Describe closed source intelligence

A

Closed source intelligence is where an org does its own information gathering and research, using custom tools, analysis models, or other methods to obtain information.

This information may be shared as paid feeds or may be held for internal use only.

2
Q

Why use closed source intelligence instead of OSINT?

A

There are a few reasons. The org might want to keep threat data secret, it might want to license the data and keep its methods and sources as trade secrets, and it might not want threat actors to know what data it is gathering.

3
Q

When considering threat intelligence, what standards of quality need to be assessed to determine if the information should be used?

A

- Is the information timely?

- Is the information accurate?

- Is the information relevant?

4
Q

Describe how a confidence score helps with threat intelligence data

A

A confidence score lets an organization filter and put threat intelligence data to use depending on how much it can be trusted.

Lower confidence data doesn't mean it's useless, but it shouldn't be given too much weight either.

5
Q

What are the six levels of confidence that ThreatConnect uses to grade threat intel?

A

Confirmed (90-100)

Probable (70-89)

Possible (50-69)

Doubtful (30-49)

Improbable (2-29)

Discredited (1)

6
Q

What areas of security operations can stand to benefit from Threat Intelligence Sharing?

A

- Incident Response

- Vulnerability Management

- Detection and Monitoring

- Security Engineering efforts

7
Q

What is Structured Threat Information Expression (STIX)?

A

STIX is an XML language originally sponsored by the U.S. Department of Homeland Security.

It helps share threat information through the use of objects that are related to each other by one of two STIX Relationship object models.

8
Q

What is the Trusted Automated Exchange of Indicator Information (TAXII)?

A

STIX is meant to let cyber threat information be communicated at the app layer via HTTPS.

TAXII is meant to support STIX data exchange.

9
Q

What is the Open Indicators of Compromise (OpenIOC) framework?

A

OpenIOC is XML based.

It uses the indicators from Mandiant for its base framework.

IOC metadata includes the author, name, description, a reference to the investigation or case, and information about the maturity of the IOC.
