DEV Community: Diksha Sharma The latest articles on DEV Community by Diksha Sharma (@diksha_sharma15). https://dev.to/diksha_sharma15 https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F3873738%2F753e5f42-7082-4ef3-baa8-b6eca2289fdd.png DEV Community: Diksha Sharma https://dev.to/diksha_sharma15 en 🚨 Understanding Threat Intelligence: From Raw Data to Meaningful Insights Diksha Sharma Sat, 11 Apr 2026 16:29:40 +0000 https://dev.to/diksha_sharma15/understanding-threat-intelligence-from-raw-data-to-meaningful-insights-3b0n https://dev.to/diksha_sharma15/understanding-threat-intelligence-from-raw-data-to-meaningful-insights-3b0n <p>Recently, I tried to understand how cybersecurity teams actually figure out if something is truly dangerous on the internet — and not just rely on one source of information.</p> <h2> What I Built </h2> <p>To explore this, I built a small system where I collected suspicious data (like IP addresses, urls,domains,etc.) from multiple platforms such as:</p> <ul> <li>VirusTotal</li> <li>AbuseIPDB</li> <li>AlienVault OTX</li> </ul> <p>Each of these platforms provides its own perspective on whether something is harmful or not.</p> <h2> The Reality of Data: It’s Messy </h2> <p>At first, it seemed simple — just collect the data.</p> <p>But very quickly, I realized that the data comes in different formats and is quite messy:</p> <ul> <li>Different structures</li> <li>Nested JSON responses</li> <li>Inconsistent field names</li> </ul> <p>To handle this, I used a <strong>Python script</strong> to parse and clean the data:</p> <ul> <li>Extracted relevant fields</li> <li>Standardized the structure</li> <li>Made the data usable for further analysis</li> </ul> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fpxguctunmbdft4p1wi7o.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fpxguctunmbdft4p1wi7o.png" alt=" " width="800" height="456"></a></p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fvsrmzezje7a51lryl9b1.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fvsrmzezje7a51lryl9b1.png" alt=" " width="800" height="373"></a></p> <p>This step turned out to be one of the most important parts of the entire process.</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F5x726f86wqjd1y7gtz9u.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F5x726f86wqjd1y7gtz9u.png" alt=" " width="800" height="639"></a></p> <h2> From Data to Insights </h2> <p>Once everything was structured, I stored it in a system (similar to what security teams use) and created dashboards to analyze it.</p> <p>This helped me:</p> <ul> <li>Compare what different platforms were saying about the same suspicious item</li> <li>Identify patterns across multiple sources</li> <li>Understand which indicators were more likely to be malicious</li> </ul> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fmciratdeedwzh2am7195.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fmciratdeedwzh2am7195.png" alt=" " width="800" height="427"></a><br> <a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fyqzcc90g8wagiylh5hy5.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fyqzcc90g8wagiylh5hy5.png" alt=" " width="800" height="249"></a></p> <h2> Key Insight </h2> <p>One source saying something is suspicious doesn’t mean much.</p> <p>But when multiple trusted sources say the same thing, it becomes much more reliable.</p> <h2> What Changed for Me </h2> <p>This experience really changed how I think:</p> <p>From:</p> <ul> <li>Just collecting data</li> </ul> <p>To:</p> <ul> <li>Understanding patterns</li> <li>Connecting multiple data points</li> <li>Making better, informed decisions</li> </ul> <h2> My Thoughts </h2> <p>Cybersecurity is not just about tools — it’s about how you interpret and connect data.</p> <p>This small practice helped me understand how raw information can be transformed into meaningful insights, which is exactly how modern SOC teams operate.</p> <p>💬 If you’re exploring cybersecurity, I’d love to hear your thoughts or approaches!</p> security socengineering cybersecurity threatintelligence