Chapter 11: Enriching Data to Make Intelligence
In Chapter 1, Introduction to Cyber Threat Intelligence, Analytical Models, and Frameworks, we discussed the intelligence pipeline and the process of making data into intelligence through analysis, production, context, and enrichment. Enrichment is one of the final steps in transitioning collected data into something that can be actioned for further hunting or defensive considerations by the incident response teams.
In this chapter, you will learn how to use various tools to enrich both local observations and threat information, adding contextually relevant information to events on their way to becoming actionable intelligence.
In this chapter, we're going to cover the following main topics:
- Enhancing ...
Get Threat Hunting with Elastic Stack now with the O’Reilly learning platform.