Threat intelligence

Threat intelligence is controlled, calculated, and refined information about potential or current attacks that threaten an organization. The primary purpose of this kind of intelligence is to ensure organizations are aware of the current risks, such as Advanced Persistent Threats (APTs), zero-day exploits, and other severe external threats. For example, if credit card information was stolen from Company A through APTs, Company B could be alerted to this threat intelligence and adjust their security accordingly.

However, organizations will most likely take a very long time to make a decision, owing to a lack of trusted sources and to the spending involved given the nature and probability of the threats. In the preceding example, Company B may have 2,000 stores to replace, or may have to halt all transactions.

Attackers can potentially use this information to exploit the network. However, gathering it is considered part of passive reconnaissance, since no direct attack has yet been launched on the target.

Penetration testers or attackers will always subscribe to these kinds of open source threat intelligence frameworks, such as STIX and TAXII, or utilize the GOSINT framework for indicators of compromise (IOCs).
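On the receiving side, an organization in Company B's position can consume the same kind of feed. The following Python code is an added example, not from the original text: it reads a STIX 2.1 bundle, keeps only indicators that are neither revoked nor expired, and matches them against egress logs. The bundle, the log format and the store host names are constructed, and only simple single-value patterns are handled.

```python
import json
import re
from datetime import datetime, timezone

# Constructed STIX 2.1 bundle, trimmed to the fields used here; all values are samples.
BUNDLE = json.loads("""{"type": "bundle", "id": "bundle--0a0a0a0a-0000-4000-8000-000000000001", "objects": [
 {"type": "indicator", "id": "indicator--0a0a0a0a-0000-4000-8000-000000000002", "pattern_type": "stix",
  "pattern": "[ipv4-addr:value = '203.0.113.7']", "valid_from": "2024-01-01T00:00:00Z"},
 {"type": "indicator", "id": "indicator--0a0a0a0a-0000-4000-8000-000000000003", "pattern_type": "stix",
  "pattern": "[domain-name:value = 'pos-update.example.net']", "valid_from": "2024-01-01T00:00:00Z",
  "valid_until": "2024-02-01T00:00:00Z"},
 {"type": "indicator", "id": "indicator--0a0a0a0a-0000-4000-8000-000000000004", "pattern_type": "stix",
  "pattern": "[domain-name:value = 'cdn.example.org']", "valid_from": "2024-01-01T00:00:00Z",
  "revoked": true},
 {"type": "malware", "id": "malware--0a0a0a0a-0000-4000-8000-000000000005", "name": "sample", "is_family": false}]}""")

# Constructed egress log lines: timestamp, store host, destination.
LOG = ["2024-03-05T10:01:00Z store-0412 203.0.113.7",
       "2024-03-05T10:02:00Z store-0412 pos-update.example.net",
       "2024-03-05T10:03:00Z store-0777 cdn.example.org",
       "2024-03-05T10:04:00Z store-0777 198.51.100.20"]

# Assumption: only single equality comparisons on these two object types are handled.
SIMPLE = re.compile(r"^\[(ipv4-addr|domain-name):value\s*=\s*'([^']+)'\]$")

def _ts(value):
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def active_iocs(bundle, now):
    """Return {observable value: indicator id} for indicators usable at time `now`."""
    iocs = {}
    for obj in bundle.get("objects", []):
        if obj.get("type") != "indicator" or obj.get("pattern_type") != "stix":
            continue  # other STIX objects (malware, reports, ...) carry no pattern
        if obj.get("revoked") or _ts(obj["valid_from"]) > now:
            continue  # withdrawn by the producer, or not yet valid
        if "valid_until" in obj and _ts(obj["valid_until"]) <= now:
            continue  # expired intelligence mostly produces false positives
        m = SIMPLE.match(obj["pattern"])
        if m:
            iocs[m.group(2).lower()] = obj["id"]
    return iocs

def match_log(lines, iocs):
    """Return (host, destination, indicator id) for each log line that hits an IOC."""
    rows = (line.split() for line in lines)
    return [(host, dest, iocs[dest.lower()]) for _, host, dest in rows if dest.lower() in iocs]
```

Keeping the indicator id with each hit lets an analyst trace an alert back to the source that published it, which matters when the trustworthiness of the source is the deciding factor.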
