Friday, March 21, 2025

Threat Intelligence Tools

What is Threat Intelligence? 

  • Evidence-based knowledge about potential adversaries and their activities.
  • Used to mitigate and manage potential risks.
  • Involves analyzing attack data to produce actionable information.

**Threat Intelligence Classifications**

  • Strategic Intel: High-level intel on trends, patterns, and emerging threats.
  • Technical Intel: Details on evidence and artifacts of attacks used by adversaries.
  • Tactical Intel: Assesses adversaries' tactics, techniques, and procedures (TTPs).
  • Operational Intel: Looks into an adversary's specific motives and intent.

Tools Used in Threat Intelligence

OSINT (Open-Source Intelligence) Tools:

  • UrlScan.io: Scans for malicious URLs and websites.
  • Abuse.ch: Identifies and tracks malware and botnets.
  • VirusTotal: Analyzes files and URLs for malware.
  • PhishTool: Investigates phishing emails.
  • Cisco's Talos Intelligence: Platform for intel gathering.

Other Tools

  • YARA: Language for writing rules to detect malicious activity.
  • OpenCTI: Open-source platform for managing and sharing threat intelligence.
  • MISP: Open-source platform for threat intelligence sharing.


