Intelligence Reporting and Dissemination IMG

Question 1

Define Threat Intelligence Reports

Answer 1

Threat intelligence reports are prose documents that include details about various types of attacks, TTPs, threat actors, systems, and information being targeted. These reports include information related to threats that have been collected, aggregated, transformed, analyzed, and enriched to provide actionable contextual intelligence for organizations’ decision-making processes

Question 2

What are the types of threat reports ?

Answer 2

1. Threat Report Analysis Report
   
   1. Attack centric
      
      1. About -> threat group, location, intention, motivation
      2. What they use/detection -> Tactics, tools, Indicators
      3. About target -> Industry, location, Vulnerability
      4. Impact ->
      5. Analytics -> Any corelations, predictions
2. Threat Landscape Report
   
   1. Business
   2. Risk
   3. Industry
   4. Organization

Question 3

Generating Concise Reports

Answer 3

Question 4

Threat Intelligence Report Template

Answer 4

Question 5

Overview of Dissemination

Answer 5

Question 6

Preferences for Dissemination

Answer 6

Question 7

Benefits of Sharing Intelligence

Answer 7

Question 8

Building Blocks for Threat Intelligence Sharing

Answer 8

Question 9

Establish Information Sharing Rules

Answer 9

Question 10

Information Sharing Model

Answer 10

Question 11

Information Exchange Types

Answer 11

Question 12

TI Exchange Architectures

Answer 12

Question 13

Intelligence Sharing Best Practices

Answer 13

Question 14

Why Sharing Communities are Formed?

Answer 14

Threat intelligence sharing community is a network of organizations that exchange intelligence between them.

Sharing communities may be a public–private partnership or industry-to-industry partnership.

The threat intelligence sharing communities are formed for various reasons:

1. Enhanced depth and breadth of insight
2. Assurance of confidentiality
3. Common interests
4. Awareness of the bigger picture

Question 15

Factors to Be Considered When Joining a Community

Answer 15

Just read from the book

Question 16

Engage in Ongoing Communication

Answer 16

Question 17

Consume and Respond to Security Alerts

Answer 17

Question 18

Consume and Use Indicators

Answer 18

Question 19

Produce and Publish Indicators

Answer 19

Question 20

External Intelligence Sharing

Answer 20

Read from the book

Question 21

Establishing Trust

Answer 21

Question 22

Organizational Trust Models

Answer 22

Question 23

Sharing Strategic Threat Intelligence

Answer 23

Question 24

Sharing Tactical Threat Intelligence

Answer 24

Question 25

Sharing Operational Threat Intelligence

Answer 25

Question 26

Sharing Technical Threat Intelligence

Answer 26

Question 27

Sharing Intelligence Using YARA Rules

Answer 27

Question 28

IT-ISAC

Answer 28

Question 29

Forms of Delivery

Answer 29

Question 30

Machine-Readable Threat Intelligence

Answer 30

Question 31

Standards and Formats for Sharing Threat Intelligence

Answer 31

Question 32

Standards and Formats for Sharing Threat Intelligence (Cont’d)

MITRE Standards

Answer 32

Question 33

Standards and Formats for Sharing Threat Intelligence (Cont’d)

Managed Incident Lightweight Exchange (MILE)

Answer 33

Question 34

Standards and Formats for Sharing Threat Intelligence (Cont’d)

VERIS, IDMEF

Answer 34

Question 35

CISPA

Answer 35

Question 36

Cybersecurity Information Sharing Act (CISA)

Answer 36

Question 37

Integrating Threat Intelligence

Answer 37

Question 38

How to Integrate CTI into the Environment

Answer 38

Question 39

Acting on the Gathered Intelligence

Answer 39

Question 40

Tactical Intelligence Supports IT Operations: Blocking, Patching, and Triage

Answer 40

Question 41

Operational Intelligence Supports Incident Response: Fast Reaction and Remediation

Answer 41

read from the book

Question 42

Strategic Intelligence Supports Management: Strategic Investment and Communications

Answer 42

read from the book