The wide variety of information types and datasets that constitute threat intelligence often fall into one of three main categories:
- Tactical threat intelligence: This is the most granular of the three threat intelligence categories. Information in this category involves either Indicators of Compromise (IOCs) or tactics, techniques, and procedures (TTPs).
  - Indicators of Compromise: An IOC is an artifact observed on a system that indicates a compromise of some sort. For example, a C2 IP address and an MD5 hash of a malicious file are both IOCs.
  - Tactics, techniques, and procedures: Humans are creatures of habit, and as a result cyber attackers often develop a unique methodology for how they attack a ...