Cyber Threat Intelligence

From ForensicsWiki

Note that the term cyber is arguably misused in the context of "Cyber Threat Intelligence" [1] and should be considered more as an equivalent for "Digital Threat Intelligence" or "Internet Threat Intelligence".

Terminology

Indicator

Cyber Threat Indicator: A set of cyber observables combined with contextual information intended to represent artifacts and/or behaviors of interest within a cyber security context.[2]

TTP

TTP, in the context of cyber threat intelligence, is short for Tactics, Techniques and Procedures, also sometimes referred to as Tools, Techniques and Procedures.

TTPs are representations of the behavior or modus operandi of cyber adversaries. It is a term taken from the traditional military sphere and is used to characterize what an adversary does and how they do it in increasing levels of detail.[3]
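The two definitions above make a structural point: an observable on its own (a domain, a file hash) is not intelligence; it becomes an indicator only when combined with context such as the TTP it is evidence of, a confidence level and a source. The following Python snippet is an added example, not part of the original wiki article or of any of the standards listed below. It represents a single indicator this way and matches it against a few constructed proxy and endpoint log lines, carrying the context through to each hit so an analyst sees why a match matters. All values (the domain, the all-zero hash, the log lines) are constructed for the example and are not real indicators.

```python
from dataclasses import dataclass
import re


@dataclass(frozen=True)
class Observable:
    """One atomic, matchable fact: a kind (domain, sha256, ipv4, ...) and its value."""
    kind: str
    value: str


@dataclass
class Indicator:
    """Observables plus the context that turns them into an indicator."""
    name: str
    observables: frozenset      # set of Observable
    ttp: str                    # behaviour these observables are evidence of
    confidence: str             # "low" / "medium" / "high"
    source: str                 # where the indicator came from


# Constructed indicator with placeholder values (not a real IoC).
EXAMPLE_INDICATOR = Indicator(
    name="EXAMPLE-beacon-domain",
    observables=frozenset({
        Observable("domain", "update-check.example.invalid"),
        Observable("sha256", "0" * 64),
    }),
    ttp="Command-and-control over HTTPS",
    confidence="medium",
    source="constructed for this example",
)

# Constructed log lines: three proxy records and one endpoint file-write event.
SAMPLE_LOGS = [
    "2024-01-01T10:00:00Z client=10.0.0.5 host=www.example.com status=200",
    "2024-01-01T10:00:05Z client=10.0.0.7 host=update-check.example.invalid status=200",
    "2024-01-01T10:00:09Z client=10.0.0.5 host=cdn.example.org status=304",
    "2024-01-01T10:01:00Z client=10.0.0.7 event=file_write sha256=" + "0" * 64,
]

HOST_RE = re.compile(r"\bhost=(\S+)")
SHA256_RE = re.compile(r"\bsha256=([0-9a-f]{64})\b")


def extract_observables(line):
    """Pull the observable kinds this example knows how to recognise out of one log line."""
    found = set()
    m = HOST_RE.search(line)
    if m:
        found.add(Observable("domain", m.group(1).lower()))
    m = SHA256_RE.search(line)
    if m:
        found.add(Observable("sha256", m.group(1).lower()))
    return found


def match_indicator(indicator, lines):
    """Return one hit per (line, observable) match, annotated with the indicator's context."""
    hits = []
    for line in lines:
        for obs in extract_observables(line):
            if obs in indicator.observables:
                hits.append({
                    "line": line,
                    "observable": obs,
                    "indicator": indicator.name,
                    "ttp": indicator.ttp,
                    "confidence": indicator.confidence,
                    "source": indicator.source,
                })
    return hits


if __name__ == "__main__":
    for hit in match_indicator(EXAMPLE_INDICATOR, SAMPLE_LOGS):
        print(f"[{hit['confidence']}] {hit['indicator']} ({hit['ttp']}): "
              f"{hit['observable'].kind}={hit['observable'].value} in: {hit['line']}")
```

The point of carrying `ttp`, `confidence` and `source` on every hit is triage: two matches on bare observables look identical, whereas a match attributed to a named indicator with a stated TTP and confidence can be prioritised and traced back to the feed it came from. Real deployments would store indicators in one of the formats listed under Standards rather than in a Python dataclass; the structure (observables plus context) is what those formats encode.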

Standards

  • CAPEC
  • IDMEF
  • IODEF
  • MAEC
  • OpenIOC
  • Oval
  • Stix/Cybox
  • Veris
  • Yara

CAPEC

IODEF

OpenIOC

Cons:

  • Highly Mandiant-product-centric standard, though it seems to have moved away from this somewhat since version 1.1

Stix/Cybox

External Links

Feeds

CAPEC

IODEF

MAEC

OpenIOC

Stix/Cybox

Tools