Now that we have researched where our threat intelligence will come from, we should recognize the sheer volume of information that will be arriving. Before we assess how relevant that information is to the organization, we need a place to collect all of it. Phase A will be complete once we have identified the platform we will use to aggregate all of the data in preparation for analysis.
Objectives for level 1 phase A:
- Identify a threat intelligence platform
- Begin to consume raw threat intelligence
Although there are plenty of premium options for threat intelligence platforms, here are a few community-driven, open source threat intelligence platforms.
To make sense of the incoming information, we need a framework to process the threat feed data, and this is where these platforms fit in. They take structured and unstructured threat intelligence and put it into a format that a security analyst or team member can review. To enrich the data, the platform cross-references the IOCs it holds with those submitted by third parties, so that an indicator reported by several independent sources stands out, which in turn lets stakeholders prioritize and address potential threats.
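As an added illustration (not code from the original article or from any of the platforms it goes on to list), the sketch below shows the two steps just described: normalising one structured STIX-style record and one free-text analyst note into a single IOC table, then enriching each entry with third-party sightings so the most-corroborated indicators surface first. The feed names, indicator values and third-party sightings are all constructed for the example.

```python
import json
import re

# Constructed sample inputs (not real indicators): one structured STIX-style
# record and one free-text analyst note, as two feeds might deliver them.
STRUCTURED_FEED = json.dumps({"source": "feed-alpha",
                              "pattern": "[ipv4-addr:value = '203.0.113.5']"})
UNSTRUCTURED_REPORT = ("Analyst note: the loader beaconed to 203.0.113.5 and "
                       "staged payloads on files.example.net; sha256 " + "a" * 64)
# Constructed third-party submissions the platform reconciles against.
THIRD_PARTY_SIGHTINGS = {"203.0.113.5": ["feed-gamma", "feed-delta"],
                         "files.example.net": ["feed-gamma"]}

STIX_TYPES = {"ipv4-addr": "ipv4", "domain-name": "domain"}
IOC_PATTERNS = {  # hashes first, so a hex digest is never read as a hostname
    "sha256": re.compile(r"\b[0-9a-f]{64}\b", re.I),
    "ipv4": re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b"),
    "domain": re.compile(r"\b(?:[a-z0-9-]+\.)+(?:com|net|org)\b", re.I),
}

def parse_structured(raw: str) -> list[tuple[str, str, str]]:
    """Read (type, value, source) from a STIX-style "[X:value = 'Y']" pattern."""
    rec = json.loads(raw)
    m = re.fullmatch(r"\[([\w-]+):value = '([^']+)'\]", rec["pattern"])
    return [(STIX_TYPES[m.group(1)], m.group(2), rec["source"])] if m else []

def parse_unstructured(text: str, source: str) -> list[tuple[str, str, str]]:
    """Regex-scrape IOCs out of free text and tag each with the feed name."""
    return [(t, m.group(0).lower(), source)
            for t, rx in IOC_PATTERNS.items() for m in rx.finditer(text)]

def aggregate() -> dict[str, dict]:
    """Normalise both feeds into one table keyed by IOC value, then enrich
    each entry with the third parties that reported the same value."""
    table: dict[str, dict] = {}
    rows = parse_structured(STRUCTURED_FEED)
    rows += parse_unstructured(UNSTRUCTURED_REPORT, "feed-beta")
    for ioc_type, value, source in rows:
        entry = table.setdefault(value, {"type": ioc_type, "sources": set()})
        entry["sources"].add(source)
    for value, entry in table.items():
        entry["sources"].update(THIRD_PARTY_SIGHTINGS.get(value, []))
    return table

def prioritized(table: dict[str, dict]) -> list[tuple[str, int]]:
    """Review order for the analyst: IOCs corroborated by the most
    independent sources come first."""
    return sorted(((v, len(e["sources"])) for v, e in table.items()),
                  key=lambda pair: -pair[1])
```

Calling `prioritized(aggregate())` ranks the address seen by four feeds ahead of the domain seen by two and the hash seen by one, which is the ordering an analyst queue would present.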