Threat Intelligence

Question 1

What are the 3 forms of threat intelligence?

Answer 1

Tactical = technical identifiers, signatures, tools that can indicate IOCs ( AV, IPS,LOG Files)

Operational = how threat actors behave, Tactical Threat and Procedures (TTPs)

Strategic = high-level threat information. News feed. Staying up to date

Question 2

What are OSINT?

Answer 2

Open source intelligence - solution open to all.

We have to be aware of the validity of the info

Question 3

What is a closed-source intelligence?

Answer 3

Offered by various organizations for a fee.

Question 4

What is an vulnerability?

Answer 4

A weakness in software that allows attackers access.

Question 5

What does CVE and NVD stand form?

Answer 5

Common Vulnerabilities and Exposures. (CVE)

National Vulnerability Database

Question 6

What are public/private information centers?

Answer 6

Information sharing and analyst center or organization (ISAC,ISAO). These facilitate the exchange of data between commercial and governmental entities.

Question 7

What might be a good reason to search the Dark Web?

Answer 7

If you are researching for any potential data breaches. If you find it then you can then try to mitigate the problem.

Question 8

What is STIX?

Answer 8

Structured Threat information eXpression.

A standardized way of representing threat intelligence. Its the format that the information is presented.

It is a data structure or a schema. It uses JASON

Question 9

What is TAXII?

Answer 9

Trusted Automated eXchange of Indicator Information.

A protocol used to exchange STIX data over HTTPS. It is a transportation used to send STIX data.