Chapter 02: Using Threat Intelligence Flashcards
What is the most important aspect of a threat intelligence feed?
Timeliness, relevancy, and accuracy.
What is STIX?
Stands for Structured Threat Information Expression (STIX). It is an XML language originally sponsored by the U.S. Department of Homeland Security. It defines 12 STIX domain objects, including things like attack patterns, identities, malware, threat actors, and tools. It is used to help manage threat indicator feeds.
What is TAXII?
Stands for Trusted Automated Exchange of Indicator Information (TAXII) protocol. It works as a companion to STIX to allow cyberthreat information to be communicated at the application layer via HTTPS.
What is OpenIOC?
Stands for Open Indicators of Compromise (OpenIOC). It is an XML-based framework that helps manage threat indicator feeds, just like STIX.
What parts make up the threat intelligence cycle?
Requirements Gathering, Threat Data Collection, Threat Data Analysis, Threat Intelligence Dissemination, and Gathering Feedback.
What is an ISAC?
Stands for Information Sharing and Analysis Center (ISAC). It is an organization that shares threat information. There are different ISACs set up for different industries, such as the healthcare ISAC, the financial services ISAC, and the aviation ISAC.
What is STRIDE?
It is Microsoft’s threat classification model. It stands for: Spoofing of user identity, Tampering, Repudiation, Information disclosure, Denial of service, Elevation of privilege.
What is the ATT&CK Framework?
It is a framework created by MITRE, which stands for Adversarial Tactics, Techniques, and Common Knowledge.
What are the 7 stages of the Lockheed Martin Cyber Kill Chain?
Reconnaissance, Weaponization, Delivery, Exploitation, Installation, Command and Control, and Actions on Objectives.
Know the Diamond Model of Intrusion Analysis, as well as the specific terms.
Core features are the victim, capability, infrastructure, and adversary.
What is the Unified Kill Chain?
It is a combination of the Lockheed Martin Cyber Kill Chain and MITRE's ATT&CK framework, creating an 18-phase model.
What is the CVSS?
Stands for Common Vulnerability Scoring System (CVSS). It is a scoring system for vulnerabilities.