Threat Intelligence and Sources Flashcards
What is Timeliness?
Property of an intelligence source that ensures it is up to date.
What is Relevancy?
Property of an intelligence source that ensures it matches the use cases intended for it.
What is Accuracy?
Property of an intelligence source that ensures it produces effective results.
What is Confidence Levels?
Property of an intelligence source that ensures it produces qualified statements about reliability.
What is Proprietary?
Threat intelligence is very widely provided as a commercial service offering, where access to updates and research is subject to a subscription fee.
What is a Closed Source?
Data that is derived from the provider’s own research and analysis efforts, such as data from honeynets that they operate, plus information mined from its customers’ systems, suitably anonymized.
What is an Open Source?
Data that is available to use without subscription, which may include threat feeds similar to the commercial providers and may contain reputation lists and malware signature databases.
What are examples of Open Sources?
- US-CERT
- UK’s NCSC
- AT&T SECURITY
- MISP
- VirusTotal
- Spamhaus
- SANS ISC Suspicious Domains
What is Open Source Intelligence?
Methods of obtaining information about a person or organization through public records, websites, and social media.