Threat Intelligence

Collection, analysis, and operationalization of threat intelligence, including open-source intelligence techniques, intelligence platform implementations, indicator management, and intelligence-driven defense methodologies.

Overview

Threat intelligence involves the systematic collection, processing, analysis, and dissemination of information about current and potential threats. This category covers OSINT techniques, threat intelligence platform deployment, indicator analysis, threat actor tracking, and integration of intelligence into security operations.

Core Competencies

OSINT Collection

Open-source intelligence gathering techniques and methodologies for collecting publicly available information relevant to security operations.

Methodologies:

  • OSINT frameworks and processes
  • Domain and IP reconnaissance
  • Social media intelligence (SOCMINT)
  • Technical infrastructure mapping
  • Data aggregation and correlation

Threat Intelligence Platforms

Deployment and operation of threat intelligence platforms for indicator management, analysis, and information sharing.

Technologies:

  • MISP: Malware Information Sharing Platform
  • TheHive: Security incident response platform
  • Cortex: Observable analysis engine
  • STIX/TAXII: Structured threat information exchange

Indicator Analysis

Analysis and enrichment of indicators of compromise including file hashes, IP addresses, domains, and malicious URLs.

Capabilities:

  • IOC extraction and normalization
  • Indicator enrichment and contextualization
  • Reputation analysis and scoring
  • False positive identification
  • Indicator lifecycle management

Threat Modeling

Development of threat models to understand and prioritize potential threats to organizational assets and operations.

Frameworks:

  • STRIDE: Threat categorization methodology
  • PASTA: Process for Attack Simulation and Threat Analysis
  • MITRE ATT&CK: Adversary tactics and techniques

Automation and Enrichment

Automated intelligence collection, processing, and enrichment using APIs and scripting.

Tools:

  • Python: Intelligence automation and data processing
  • VirusTotal API: File and URL analysis
  • AbuseIPDB API: IP reputation service
  • AlienVault OTX: Open threat exchange

Laboratory Catalog

Lab Title Technologies Duration Complexity Status
31 MISP Threat Intelligence Platform MISP 4h Advanced Planned
32 TheHive Incident Response TheHive, Cortex 5h Expert Planned
33 OSINT Automation Framework Python, APIs 4h Advanced Planned
34 Real-time Threat Intelligence Dashboard Python, Dash 5h Expert Planned
35 STRIDE Threat Modeling STRIDE Framework 3h Advanced Planned

Technology Stack

Threat Intelligence Platforms

  • MISP: Open-source threat intelligence sharing platform
  • TheHive: Security incident response and case management
  • Cortex: Automated observable analysis and response
  • OpenCTI: Cyber threat intelligence platform

OSINT Tools

  • Maltego: Link analysis and data mining
  • Shodan: Internet-connected device search engine
  • Censys: Internet-wide scanning and analysis
  • Recon-ng: Web reconnaissance framework
  • SpiderFoot: OSINT automation tool

Automation and APIs

  • Python: Scripting for collection and parsing
  • AbuseIPDB: IP address reputation database
  • VirusTotal: File and URL analysis service
  • AlienVault OTX: Threat intelligence exchange

Analysis Frameworks

  • MITRE ATT&CK: Adversary tactics and techniques
  • STRIDE: Threat modeling methodology
  • Diamond Model: Intrusion analysis framework

Implementation Framework

Threat intelligence laboratories follow structured methodology:

  1. Planning and Direction: Define intelligence requirements
  2. Collection: Gather relevant information from sources
  3. Processing: Normalize and structure collected data
  4. Analysis: Analyze and contextualize information
  5. Dissemination: Share intelligence with stakeholders
  6. Feedback: Refine requirements based on consumer needs

Intelligence Types

Different intelligence levels and applications:

  • Strategic Intelligence: Long-term threat trends and risk assessment
  • Operational Intelligence: Campaign and threat actor tracking
  • Tactical Intelligence: Tactics, techniques, and procedures for defenders
  • Technical Intelligence: Malware analysis and infrastructure details

Professional Applications

These laboratories prepare for threat intelligence analyst roles:

  • Collection and analysis of threat intelligence
  • Enrichment of security operations center alerts
  • Production of threat intelligence reports
  • Threat hunting based on indicators of compromise
  • Threat actor attribution and profiling

Additional Resources

Relevant Certifications

  • GIAC Cyber Threat Intelligence (GCTI) (planned)
  • Certified Threat Intelligence Analyst (CTIA) (planned)

← Return to Home

© 2026 Issa MENTA | Cybersecurity Engineer

This site uses Just the Docs, a documentation theme for Jekyll.