Definitions
Threat information is
- "[u]nevaluated material of every description, at all levels of reliability, and from any source that may contain knowledge or intelligence about a threat."[1]
- "[a]ny information related to a threat that might help an organization protect itself against the threat or detect the activities of an actor. Major types of threat information include indicators, TTPs, security alerts, threat intelligence reports, and tool configurations."[2]
Overview
Major types of threat information include the following:
- Indicators are technical artifacts or observables that suggest an attack is imminent or is currently underway or that a compromise may have already occurred.
- Tactics, techniques, and procedures (TTPs) describe the behavior of an actor.
- Security alerts, also known as advisories, bulletins, and vulnerability notes, are brief, usually human-readable, technical notifications regarding current vulnerabilities, exploits, and other security issues.
- Threat intelligence reports are generally prose documents that describe TTPs, actors, types of systems and information being targeted, and other threat-related information that provides greater situational awareness to an organization. Threat intelligence is threat information that has been aggregated, transformed, analyzed, interpreted, or enriched to provide the necessary context for decision-making processes.
- Tool configurations are recommendations for setting up and using tools that support the automated collection, exchange, processing, analysis, and use of threat information.
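The list above separates raw threat information (an indicator is just an observable with some attached context) from threat intelligence (the same material after aggregation and analysis). The following added example, which is not part of the original page or of the NIST publication it draws on, makes that distinction concrete: it holds a small constructed indicator feed, extracts observables from constructed proxy, DNS and endpoint log lines, matches them against the feed, and then aggregates the raw hits per asset into a summary with the TTPs seen and the best source reliability grade. The feed entries, TTP labels, source names and log lines are all constructed for the example; the addresses use documentation ranges.

```python
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Indicator:
    """One indicator: an observable plus the context the feed attaches to it."""
    kind: str         # "ipv4", "domain" or "sha256"
    value: str
    ttp: str          # behaviour the indicator is associated with (hypothetical labels)
    source: str       # who reported it (hypothetical feed names)
    reliability: str  # source grade, "A" (reliable) down to "F" (cannot be judged)


# Constructed sample feed (not a real feed); 203.0.113.0/24 and .example are
# reserved for documentation, and the hash is the SHA-256 of empty input.
FEED = [
    Indicator("ipv4", "203.0.113.45", "command-and-control", "partner-isac", "B"),
    Indicator("domain", "update-check.example", "command-and-control", "vendor-report", "C"),
    Indicator("sha256",
              "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
              "malicious-file", "internal-ir", "A"),
]
INDEX = {(i.kind, i.value): i for i in FEED}

# Constructed log lines from three telemetry sources; the last one is benign.
LOG_LINES = [
    "2024-05-01T10:02:11Z proxy src=10.0.0.7 dst=203.0.113.45 dport=443 bytes=5120",
    "2024-05-01T10:02:15Z dns client=10.0.0.7 query=update-check.example type=A",
    "2024-05-01T10:03:01Z edr host=ws-07 proc=svchost.exe "
    "sha256=e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
    "2024-05-01T10:05:00Z proxy src=10.0.0.8 dst=198.51.100.9 dport=80 bytes=300",
]

_IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
_DOMAIN = re.compile(r"query=([A-Za-z0-9.-]+)")
_SHA256 = re.compile(r"\b[0-9a-f]{64}\b")
_ASSET = re.compile(r"(?:src|client|host)=(\S+)")  # the asset the line is about


def extract_observables(line):
    """Pull (kind, value) pairs out of a raw log line."""
    found = {("ipv4", v) for v in _IPV4.findall(line)}
    found |= {("domain", v) for v in _DOMAIN.findall(line)}
    found |= {("sha256", v) for v in _SHA256.findall(line)}
    return found


def match_indicators(lines, index=INDEX):
    """Return (asset, indicator) for every observable that appears in the feed."""
    hits = []
    for line in lines:
        m = _ASSET.search(line)
        asset = m.group(1) if m else "unknown"
        for obs in extract_observables(line):
            if obs in index:
                hits.append((asset, index[obs]))
    return hits


def enrich(hits):
    """Turn raw hits into per-asset context: TTPs seen, hit count, best source grade."""
    summary = {}
    for asset, ind in hits:
        entry = summary.setdefault(
            asset, {"ttps": set(), "indicator_count": 0, "best_reliability": "F"})
        entry["ttps"].add(ind.ttp)
        entry["indicator_count"] += 1
        # "A" sorts before "F", so min() keeps the most reliable grade seen.
        entry["best_reliability"] = min(entry["best_reliability"], ind.reliability)
    return summary


if __name__ == "__main__":
    for asset, entry in enrich(match_indicators(LOG_LINES)).items():
        print(asset, sorted(entry["ttps"]), entry["indicator_count"], entry["best_reliability"])
```

Running it reports two command-and-control hits for 10.0.0.7 (one each from the proxy and DNS lines) and one malicious-file hit for ws-07; the benign line produces observables but no hit. The per-asset summary is the "aggregated, transformed, analyzed" form the page calls threat intelligence, whereas the feed entries and the individual hits are still threat information.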
References
- [1] DOE Manual 470.4-7, at 60.
- [2] NIST Special Publication 800-171B, App. B, at 51.
Source
- "Overview" section: Cyber-Threat Intelligence and Information Sharing, at 2.