Security Incident and Threat Intelligence Integrations (14%) Flashcards
What is Threat Intelligence?
Process of collecting valuable or critical information to act or respond to an event.
T/F: The Security Case Management application is included in Threat Intelligence
True
What are the stages in the Threat Intelligence life cycle?
Aggregate - Contextualize - Prioritize - Utilize - Learn
What is the structured format for the description of threat data?
Structured Threat Information eXpression (STIX)
What is TAXII?
Trusted Automated Exchange of Intelligence Information (TAXII) is the transport mechanism for sharing threat intelligence data.
What is Cyber Observable eXpression (CybOX)?
Common structure for representing cyber observables across and among the operational areas of enterprise cybersecurity.
___________ is a language that can use CybOX words.
STIX
____________ characterizes what is being told, while ____________ defines how the ____________ language is shared
STIX, TAXII, STIX
What are the patterns of activities or methods associated with a specific threat actor or group of threat actors?
Tactics, Techniques, and Procedures (TTPs)
An option to “Run Sightings Search” will only appear when ___________________________.
A valid implementation and Sighting Search Queries have been configured.
What are three Observable types supported for Sighting Search Configuration?
IP Address, Hash, and URL
What are the two Related Lists for Sightings Search?
Sighting Search Results and Sighting Search Details
Which Sighting Search related list summarizes the entire search?
Sighting Search Results
Which Sighting Search related list summarizes the results for each Observable?
Sighting Search Details
What are the traits of ServiceNow Gold Standard Integrations?
Enterprise Scale
Customer Focused
Robust
Standardized