Threat Intelligence Flashcards
What is threat intelligence?
The process of collecting, analyzing, and using data related to threats and threat actors to improve security.
What are the three types of threat intelligence?
Strategic, Tactical, and Operational intelligence.
What is the difference between tactical and strategic threat intelligence?
Tactical focuses on specific threats and indicators, while strategic provides high-level insights into trends and risks.
What is an Indicator of Compromise (IOC)?
Evidence of a breach or malicious activity, such as unusual traffic, file changes, or abnormal network activity.
What is a Threat Actor?
An entity, individual, or group behind malicious cyber activities like hacking, phishing, or data breaches.
What is the Diamond Model of Intrusion Analysis?
A framework that describes cyber threats in terms of four components: Adversary, Capability, Infrastructure, and Victim.
What is OSINT?
Open Source Intelligence, which refers to the collection of publicly available data for security purposes.
What are TTPs in threat intelligence?
Tactics, Techniques, and Procedures—specific methods used by threat actors during cyberattacks.
What is a threat intelligence platform (TIP)?
A system used to collect, organize, and analyze threat data from multiple sources.
What is the role of STIX in threat intelligence?
Structured Threat Information eXpression (STIX) is a language for sharing cyber threat intelligence in a standardized format.
What is the role of TAXII in threat intelligence?
Trusted Automated eXchange of Indicator Information (TAXII) is a protocol for sharing threat intelligence securely and in real time.
What is threat hunting?
Proactively searching through networks and systems to detect and isolate advanced threats before they cause damage.