Phase A

Now that we have researched where we want to get our threat intelligence from, we should recognize the sheer amount of information that will be coming to us. Before we get into the relevance of the information with respect to the organization, we need a place to collect all of it. Phase A will be complete once we have identified the platform that we will use to aggregate all of the data in preparation for analysis.

Objectives for level 1 phase A:

  • Identify a threat intelligence platform
  • Begin to consume raw threat intelligence

A threat intelligence platform is a tool that allows for the aggregation of multiple information/source feeds so that they can be processed, analyzed, and prepared for distribution.

Although there are plenty of premium options for threat intelligence platforms, here are a few community-driven, open source threat intelligence platforms.

To better understand the information that is coming in, we will need a framework to process the threat feed information. This is where these platforms fit in. These tools will take structured and unstructured threat intelligence and put it in a format that can be reviewed by a security analyst or team member. To help enrich the data, the framework will reconcile with third parties for similar IOCs that have been submitted, which will also allow stakeholders to prioritize or address potential threats. 
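The aggregation step described above can be sketched in a few lines. This is an added example, not code from the book or from any particular platform: the feed names, field names, and sample indicators are constructed, and the count of independent sources per indicator is an assumed stand-in for a platform's prioritization logic.

```python
import csv, io, json, re
from collections import defaultdict

# Constructed sample feeds (documentation-range IPs, reserved example domains).
CSV_FEED = "indicator,type\n198.51.100.7,ip\nBad.Example.com,domain\n"
JSON_FEED = json.dumps([{"value": "198.51.100.7", "kind": "ip"},
                        {"value": "203.0.113.9", "kind": "ip"}])
TEXT_REPORT = ("Analyst note: beaconing to bad[.]example[.]com and 198.51.100[.]7; "
               "staging seen at hxxp://drop.example.net/a")

IP_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
DOMAIN_RE = re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b")

def normalize(value):
    """Undo common defanging, then lowercase so duplicates compare equal."""
    return value.replace("[.]", ".").replace("hxxp", "http").strip().lower()

def from_csv(raw):
    return [(r["type"], normalize(r["indicator"])) for r in csv.DictReader(io.StringIO(raw))]

def from_json(raw):
    return [(i["kind"], normalize(i["value"])) for i in json.loads(raw)]

def from_text(raw):
    """Unstructured source: pull indicators out of free text with regexes."""
    text = normalize(raw)
    return ([("ip", ip) for ip in IP_RE.findall(text)] +
            [("domain", d) for d in DOMAIN_RE.findall(text)])

def aggregate(feeds):
    """Merge per-source records into one entry per indicator, ranked by corroboration."""
    seen = defaultdict(set)
    for source, records in feeds.items():
        for kind, value in records:
            seen[(kind, value)].add(source)
    rows = [{"type": k, "value": v, "sources": sorted(s)} for (k, v), s in seen.items()]
    return sorted(rows, key=lambda r: (-len(r["sources"]), r["value"]))

def run():
    return aggregate({"csv_feed": from_csv(CSV_FEED),
                      "json_feed": from_json(JSON_FEED),
                      "text_report": from_text(TEXT_REPORT)})

if __name__ == "__main__":
    for row in run():
        print(f'{len(row["sources"])} source(s)  {row["type"]:<6} {row["value"]}')
```

Indicators reported by several feeds sort to the top, which gives an analyst a first-pass ordering before any relevance review.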
