Search icon CANCEL
Subscription
0
Cart icon
Your Cart (0 item)
Close icon
You have no products in your basket yet
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Free Learning
Arrow right icon
Arrow up icon
GO TO TOP
Operationalizing Threat Intelligence

You're reading from   Operationalizing Threat Intelligence A guide to developing and operationalizing cyber threat intelligence programs

Arrow left icon
Product type Paperback
Published in Jun 2022
Publisher Packt
ISBN-13 9781801814683
Length 460 pages
Edition 1st Edition
Arrow right icon
Authors (2):
Arrow left icon
Joseph Opacki Joseph Opacki
Author Profile Icon Joseph Opacki
Joseph Opacki
Kyle Wilhoit Kyle Wilhoit
Author Profile Icon Kyle Wilhoit
Kyle Wilhoit
Arrow right icon
View More author details
Toc

Table of Contents (18) Chapters Close

Preface 1. Section 1: What Is Threat Intelligence?
2. Chapter 1: Why You Need a Threat Intelligence Program FREE CHAPTER 3. Chapter 2: Threat Actors, Campaigns, and Tooling 4. Chapter 3: Guidelines and Policies 5. Chapter 4: Threat Intelligence Frameworks, Standards, Models, and Platforms 6. Section 2: How to Collect Threat Intelligence
7. Chapter 5: Operational Security (OPSEC) 8. Chapter 6: Technical Threat Intelligence – Collection 9. Chapter 7: Technical Threat Analysis – Enrichment 10. Chapter 8: Technical Threat Analysis – Threat Hunting and Pivoting 11. Chapter 9: Technical Threat Analysis – Similarity Analysis 12. Section 3: What to Do with Threat Intelligence
13. Chapter 10: Preparation and Dissemination 14. Chapter 11: Fusion into Other Enterprise Operations 15. Chapter 12: Overview of Datasets and Their Practical Application 16. Chapter 13: Conclusion 17. Other Books You May Enjoy

The need and motivation for enrichment and analysis

For threat intelligence and security teams to successfully sift through the mountains of data that is often generated from an organizational environment, CTI and security functions need to examine enriched or contextualized data to action their workflows and understand the attack itself. This need is often achieved through an enrichment process, or the act of adding contextualization to specific data, making it more actionable.

Threat intelligence enrichment or analysis is the process of appending or enhancing the relevant context for data and, more specifically, threat intelligence data. Additionally, enrichment encompasses normalization processes for processing CTI data, such as deduplication. CTI functions aren't the sole beneficiary of enriched threat intelligence. Many additional teams outside of threat intelligence can benefit from enrichment, such as incident response, forensics, network security, Security Operation...

lock icon The rest of the chapter is locked
Register for a free Packt account to unlock a world of extra content!
A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.
Unlock this book and the full library FREE for 7 days
Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of
Renews at $19.99/month. Cancel anytime
Banner background image