Threat Intel
- Collection & analysis of information about threats to gain a better understanding of them
Types of Threat Intel
| Type | Description |
|---|---|
| Strategic | High-level overview of the threat landscape, intended for executives |
| Tactical | Technical information (such as TTPs) for technical staff |
| Operational | General information for middle management (e.g. security managers) |
Sources of Threat Intel
- OSINT — Collect from external open sources
- Human Intel — Collect from human contact
- Counter Intel — Mislead the attacker (e.g. honeypots)
- Internal Intel — Collect from internal employees
5-Tuple
Set of 5 attributes used to identify & describe a network connection/data flow.
- Source IP Address
- Destination IP Address
- Source Port
- Destination Port
- Protocol