Threat intelligence types

The wide variety of information types and datasets that constitute threat intelligence often fall into one of three main categories:

  • Tactical threat intelligence: This is the most granular of the three threat intelligence categories. Information in this category involves either Indicators of Compromise (IOCs) or tactics, techniques, and procedures.
    • Indicators of Compromise: An IOC is an artifact observed on a system that is indicative of a compromise of some sort. For example, a C2 IP address and an MD5 hash of a malicious file are both IOCs.
    • Tactics, techniques, and procedures: Humans are creatures of habit and, as a result, cyber attackers often develop a unique methodology for how they attack a ...
