Browse Library
Sign In Start Free Trial
Close icon Search icon
Account
Browse Library Advanced Search Sign In Start Free Trial

Add to playlist

Create a Playlist

Modal Close icon
You need to login to use this feature.
  • Book Overview & Buying Operationalizing Threat Intelligence
  • Table Of Contents Toc
  • Feedback & Rating feedback
Operationalizing Threat Intelligence

Operationalizing Threat Intelligence

By : Wilhoit, Opacki
4.6 (14)
Buy this Book
close
close
Operationalizing Threat Intelligence

Operationalizing Threat Intelligence

4.6 (14)
By: Wilhoit, Opacki
Buy this Book

Overview of this book

We’re living in an era where cyber threat intelligence is becoming more important. Cyber threat intelligence routinely informs tactical and strategic decision-making throughout organizational operations. However, finding the right resources on the fundamentals of operationalizing a threat intelligence function can be challenging, and that’s where this book helps. In Operationalizing Threat Intelligence, you’ll explore cyber threat intelligence in five fundamental areas: defining threat intelligence, developing threat intelligence, collecting threat intelligence, enrichment and analysis, and finally production of threat intelligence. You’ll start by finding out what threat intelligence is and where it can be applied. Next, you’ll discover techniques for performing cyber threat intelligence collection and analysis using open source tools. The book also examines commonly used frameworks and policies as well as fundamental operational security concepts. Later, you’ll focus on enriching and analyzing threat intelligence through pivoting and threat hunting. Finally, you’ll examine detailed mechanisms for the production of intelligence. By the end of this book, you’ll be equipped with the right tools and understand what it takes to operationalize your own threat intelligence function, from collection to production.
Table of Contents (18 chapters)
close
close
close
Preface
Icon
Preface
Icon
Who this book is for
Icon
What this book covers
Icon
To get the most out of this book
Icon
Download the color images
Icon
Conventions used
Icon
Get in touch
Icon
Share Your Thoughts
1
Section 1: What Is Threat Intelligence?
Icon
Section 1: What Is Threat Intelligence?
Free Chapter
2
Chapter 1: Why You Need a Threat Intelligence Program
Icon
Chapter 1: Why You Need a Threat Intelligence Program
Icon
What is CTI, and why is it important?
Icon
Tactical, strategic, operational, and technical threat intelligence
Icon
The uses and benefits of CTI
Icon
How to get CTI
Icon
What is good CTI?
Icon
Intelligence cycles
Icon
Threat intelligence maturity, detection, and hunting models
Icon
What to do with threat intelligence
Icon
Summary
3
Chapter 2: Threat Actors, Campaigns, and Tooling
Icon
Chapter 2: Threat Actors, Campaigns, and Tooling
Icon
Actor motivations
Icon
Threat actors
Icon
Threat campaigns
Icon
Vulnerabilities and malware
Icon
Malware, campaigns, and actor naming
Icon
Tooling
Icon
Threat actor attribution
Icon
Summary
4
Chapter 3: Guidelines and Policies
Icon
Chapter 3: Guidelines and Policies
Icon
The needs and benefits of guidelines, procedures, standards, and policies
Icon
SIRs
Icon
PIRs
Icon
GIRs
Icon
FCRs
Icon
Developing intelligence requirements
Icon
Summary
5
Chapter 4: Threat Intelligence Frameworks, Standards, Models, and Platforms
Icon
Chapter 4: Threat Intelligence Frameworks, Standards, Models, and Platforms
Icon
The importance of adopting frameworks and standards
Icon
Threat modeling methods and frameworks
Icon
Threat intelligence and data sharing frameworks
Icon
Storage platforms
Icon
Summary
6
Section 2: How to Collect Threat Intelligence
Icon
Section 2: How to Collect Threat Intelligence
7
Chapter 5: Operational Security (OPSEC)
Icon
Chapter 5: Operational Security (OPSEC)
Icon
What is OPSEC?
Icon
Types of OPSEC
Icon
Identity OPSEC
Icon
Technical OPSEC types and concepts
Icon
Actor engagement
Icon
Source protection
Icon
OPSEC monitoring
Icon
Personnel training and metrics
Icon
Summary
8
Chapter 6: Technical Threat Intelligence – Collection
Icon
Chapter 6: Technical Threat Intelligence – Collection
Icon
The collection management process
Icon
The role of the collection manager
Icon
Prioritized collection requirements
Icon
The collection operations life cycle
Icon
Surveying your collection needs
Icon
Planning and administration
Icon
The collection operation
Icon
Data types
Icon
The artifact and observable repositories
Icon
Intelligence collection metrics
Icon
Summary
9
Chapter 7: Technical Threat Analysis – Enrichment
chevron up
Icon
Chapter 7: Technical Threat Analysis – Enrichment
Icon
The need and motivation for enrichment and analysis
Icon
Infrastructure-based IOCs
Icon
File-based IOCs
Icon
Dynamic malware analysis
Icon
Reverse engineering
Icon
Summary
10
Chapter 8: Technical Threat Analysis – Threat Hunting and Pivoting
Icon
Chapter 8: Technical Threat Analysis – Threat Hunting and Pivoting
Icon
The motivation for hunting and pivoting
Icon
Hunting methods
Icon
Pivot methods
Icon
Pivot and hunting tools and services
Icon
Summary
11
Chapter 9: Technical Threat Analysis – Similarity Analysis
Icon
Chapter 9: Technical Threat Analysis – Similarity Analysis
Icon
The motivations behind similarity analysis
Icon
Graph theory with similarity groups
Icon
Similarity analysis tools
Icon
Hashing and fingerprinting tools
Icon
Summary
12
Section 3: What to Do with Threat Intelligence
Icon
Section 3: What to Do with Threat Intelligence
13
Chapter 10: Preparation and Dissemination
Icon
Chapter 10: Preparation and Dissemination
Icon
Data interpretation and alignment
Icon
Data versus information versus intelligence
Icon
Critical thinking and reasoning in cyber threat intelligence
Icon
Metadata tagging in threat intelligence
Icon
Thoughts before dissemination
Icon
Summary
14
Chapter 11: Fusion into Other Enterprise Operations
Icon
Chapter 11: Fusion into Other Enterprise Operations
Icon
SOC
Icon
IR
Icon
Red and blue teams
Icon
Threat intelligence
Icon
Information security
Icon
Other departments to consider
Icon
Summary
15
Chapter 12: Overview of Datasets and Their Practical Application
Icon
Chapter 12: Overview of Datasets and Their Practical Application
Icon
Planning and direction
Icon
Collection
Icon
Analysis
Icon
Production
Icon
Dissemination and feedback
Icon
Summary
16
Chapter 13: Conclusion
Icon
Chapter 13: Conclusion
Icon
What Is Cyber Threat Intelligence?
Icon
How to Collect Cyber Threat Intelligence
Icon
What to Do with Cyber Threat Intelligence
Icon
Summary
Icon
Why subscribe?
17
Other Books You May Enjoy
Icon
Other Books You May Enjoy
Icon
Packt is searching for authors like you
Icon
Share Your Thoughts

Infrastructure-based IOCs

Analyzing, enriching, and understanding malicious infrastructure is valuable when you're creating actionable intelligence that is timely, actionable, and relevant. Malicious infrastructure can originate from virtually anywhere, including logs, OSINT feeds, and blocklists.

When you're analyzing malicious infrastructure, there are many ways to enrich and analyze infrastructure-based IOCs. In terms of the specifics, we'll focus on three primary datasets that we extract intelligence value from – DNS, WHOIS, and passive DNS. When analyzed individually, these three datasets and their data often do not indicate maliciousness directly. However, when analyzed together, intelligence and maliciousness are often more easily understood and determined.

Each dataset provides analytical value, as we'll see in the following subsections.

Domain Name System (DNS)

The Domain Name System (DNS) is a foundational concept in computer networking...

Unlock full access

Continue reading for free

A Packt free trial gives you instant online access to our library of over 7000 practical eBooks and videos, constantly updated with the latest in tech
Start a 7-day FREE trial
End of Section 3
Next Section

Create a Note

Modal Close icon
You need to login to use this feature.
notes
bookmark search playlist font-size

Change the font size

margin-width

Change margin width

day-mode

Change background colour

Close icon Search
Country selected
Close icon Your notes and bookmarks

Delete Bookmark

Modal Close icon
Are you sure you want to delete it?
Cancel
Yes, Delete

Delete Note

Modal Close icon
Are you sure you want to delete it?
Cancel
Yes, Delete

Edit Note

Modal Close icon
Write a note (max 255 characters)
Cancel
Update Note

Confirmation

Modal Close icon
claim successful
Order Page Read Now

Buy this book with your credits?

Modal Close icon
Are you sure you want to buy this book with one of your credits?
Close
YES, BUY