Cyber Threat Intelligence

4.

Data Sources for Threat Intelligence

4.1.

Internal Sources

4.1.1.

4.1.1.1.

Event Correlation

4.1.1.2.

Alert Generation

4.1.2.

Network Security Systems

4.1.2.1.

4.1.2.2.

Network Traffic Analysis

4.1.3.

Endpoint Security Data

4.1.3.1.

EDR Information

4.1.3.2.

Host-Based Monitoring

4.1.4.

Incident Response Reports

4.1.4.1.

Post-Incident Analysis

4.1.4.2.

Lessons Learned

4.1.5.

Vulnerability Management Data

4.1.5.1.

4.1.5.2.

Patch Management Information

4.1.6.

Ticketing and Case Management Systems

4.1.7.

Email Security Gateway Data

4.2.

External Sources

4.2.1.

Open-Source Intelligence

4.2.1.1.

Security Blogs and News

4.2.1.2.

Social Media Intelligence

4.2.1.3.

Government Reports

4.2.1.4.

Academic Research

4.2.1.5.

Public Code Repositories

4.2.1.6.

Paste Sites and Forums

4.2.2.

Commercial Sources

4.2.2.1.

Threat Intelligence Feeds

4.2.2.2.

4.2.2.3.

Private Security Forums

4.2.3.

Information Sharing Communities

4.2.3.1.

4.2.3.2.

4.2.4.

Human Intelligence

4.2.4.1.

Insider Information

4.2.4.2.

Industry Contacts

4.2.5.

Signals Intelligence

4.2.5.1.

Network Traffic Interception

4.2.5.2.

Communication Monitoring

4.2.6.

Dark Web and Deep Web Sources

4.3.

Source Reliability Evaluation

4.3.1.

Credibility Assessment

4.3.2.

Timeliness and Accuracy Validation

Previous

3. Types of Threat Intelligence

Go to top

Next

5. Analysis Techniques and Frameworks