丁久

Posted on • Originally published at dingjiu1989-hue.github.io

Threat Intelligence: Gathering and Applying Intel

This article was originally published on AI Study Room. For the full version with working code examples and related articles, visit the original post.


Threat intelligence is evidence-based knowledge about existing or emerging threats to an organization. It transforms raw data into actionable insights that help security teams prevent attacks, detect intrusions faster, and respond more effectively. This article covers the sources, frameworks, and tools for operational threat intelligence.

The Intelligence Lifecycle

Threat intelligence follows a structured lifecycle:

  1. Requirements: What do you need to know? For example, which threat actors target your industry, what TTPs they use, and what indicators to watch for.

  2. Collection: Gather data from open sources, commercial feeds, internal telemetry, and human intelligence.

  3. Processing: Convert raw data into a usable format. Normalize timestamps, de-duplicate indicators, enrich with context.

  4. Analysis: Interpret processed data to answer the intelligence requirements.

  5. Dissemination: Deliver actionable intelligence to the right consumers (SOC analysts, incident responders, executives).

  6. Feedback: Refine requirements and collection based on what was useful.
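The processing and dissemination steps above, as an added Python example that is not part of the original article: it refangs and types indicators from two feeds with different timestamp formats, de-duplicates them while keeping the earliest sighting and every source, and then applies the result to log lines. The feed records, log lines and field names (`value`, `seen`, `source`) are constructed assumptions.

```python
import re
from datetime import datetime, timezone

# Constructed sample feed (reserved example addresses and names, not real indicators): mixed timestamp formats, defanged values, one duplicate.
RAW_FEED = [
    {"value": "hxxp://example[.]test/login", "seen": "2024-05-01T10:00:00Z", "source": "feed-a"},
    {"value": "198.51.100.23", "seen": 1714557600, "source": "feed-b"},
    {"value": "198.51.100.23", "seen": "2024-05-01 11:15:00", "source": "feed-a"},
    {"value": "EXAMPLE[.]TEST", "seen": "2024-05-02T08:30:00+00:00", "source": "feed-b"},
]
# Constructed log lines to apply the processed intel against.
LOG_LINES = [
    "2024-05-03T09:12:44Z proxy src=10.0.0.5 url=http://example.test/login status=200",
    "2024-05-03T09:13:01Z fw allow src=10.0.0.7 dst=203.0.113.9 dport=443",
    "2024-05-03T09:13:30Z fw allow src=10.0.0.9 dst=198.51.100.23 dport=8443",
]

def normalize_time(value):
    """Normalize epoch seconds or ISO 8601 text to an aware UTC datetime."""
    if isinstance(value, (int, float)):
        return datetime.fromtimestamp(value, tz=timezone.utc)
    dt = datetime.fromisoformat(str(value).strip().replace(" ", "T").replace("Z", "+00:00"))
    return (dt if dt.tzinfo else dt.replace(tzinfo=timezone.utc)).astimezone(timezone.utc)

def refang(value):
    """Undo common defanging (hxxp, [.]) and lower-case so duplicates collapse."""
    return value.strip().lower().replace("hxxp", "http").replace("[.]", ".")

# Order matters: an IPv4 address also satisfies the domain pattern, and a URL contains a domain.
TYPE_PATTERNS = [("sha256", r"[0-9a-f]{64}"), ("ipv4", r"(\d{1,3}\.){3}\d{1,3}"),
                 ("url", r"https?://\S+"), ("domain", r"[a-z0-9-]+(\.[a-z0-9-]+)+")]
def classify(value):
    """Assign an indicator type from the first pattern that matches the whole value."""
    return next((t for t, p in TYPE_PATTERNS if re.fullmatch(p, value)), "unknown")

def process(records):
    """Processing step: refang, type, de-duplicate; keep earliest sighting and every source."""
    indicators = {}
    for rec in records:
        value, seen = refang(rec["value"]), normalize_time(rec["seen"])
        entry = indicators.setdefault(value, {"type": classify(value), "first_seen": seen, "sources": set()})
        entry["first_seen"] = min(entry["first_seen"], seen)
        entry["sources"].add(rec["source"])
    return indicators

def match_logs(indicators, log_lines):
    """Application step: indicators found per log line; boundary checks keep 198.51.100.23 from also hitting 198.51.100.234."""
    pats = {v: re.compile(r"(?<![\w.])" + re.escape(v) + r"(?![\w.])") for v in indicators}
    found = [(line, sorted(v for v, p in pats.items() if p.search(line.lower()))) for line in log_lines]
    return [(line, vals) for line, vals in found if vals]
```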

Open Source Intelligence (OSINT)

OSINT is intelligence derived from publicly available sources. It is free, accessible, and provides valuable context about threats.

OSINT Sources

  • Shodan: Search engine for internet-connected devices. Find exposed databases, industrial control systems, and vulnerable services.

  • Censys: Continuous internet scan data. Search for specific certificates, open ports, and protocols.

  • VirusTotal: File and URL analysis with multi-antivirus scanning. Identify malware samples and related indicators.

  • Have I Been Pwned: Check if email addresses or passwords appear in known breaches.

  • GitHub: Search for leaked credentials, API keys, or configuration files in public repositories.

