10. Intel 101
• Data vs Intelligence
– Context, Intent, Capability
• Tactical vs Strategic
– How and what?
– Who and why?
• Atomic vs Composite
– IP, packet string, hash
– Combine multiple things
• TTP - Tactics, Techniques and Procedures
14. Planning
• What issues are to be addressed?
• What info is to be gathered?
• What is the leadership and business priority?
15. 5-stage process
• Planning
– What are you looking for?
• Collection
– OSINT/HUMINT
– Logs/Data points inside the org
– Honeypots/nets/docs, social networks
– FM-5
• Processing
– Synthesis so that intelligence analysts can use it
• Analysis
– Finished Intel - top of the Pyramid of Pain
• Dissemination
– Customize and present to the right audience
23. STIX
• STIX provides a common language for describing cyber threat information so it can be shared, stored, and otherwise used in a consistent manner that facilitates automation.
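As an added example (not from the slides), the following Python builds a minimal STIX 2.1 bundle by hand, showing the atomic vs composite distinction from the Intel 101 slide as STIX patterns: one indicator for a single IP, one that combines a file hash and outbound traffic within a time window. The IP and hash are constructed sample values, not real indicators.

```python
import json
import uuid
from datetime import datetime, timezone
from typing import Optional

# Constructed sample values (RFC 5737 documentation IP, dummy hash); not real IoCs.
SAMPLE_IP = "203.0.113.5"
SAMPLE_SHA256 = "0" * 64


def _now() -> str:
    # STIX 2.1 timestamps are RFC 3339, millisecond precision, 'Z' suffix.
    return datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%S.000Z")


def atomic_ip_pattern(ip: str) -> str:
    # Atomic indicator: one observable. Easy to match, easy for an adversary to rotate.
    return f"[ipv4-addr:value = '{ip}']"


def composite_pattern(sha256: str, ip: str, window_s: int = 300) -> str:
    # Composite indicator: file hash seen, then traffic to the IP within a window.
    # Combining observables raises confidence and the adversary's cost to evade.
    return (f"[file:hashes.'SHA-256' = '{sha256}'] FOLLOWEDBY "
            f"[network-traffic:dst_ref.value = '{ip}'] WITHIN {window_s} SECONDS")


def make_indicator(pattern: str, name: str, created: Optional[str] = None) -> dict:
    """Wrap a STIX pattern in a STIX 2.1 Indicator domain object."""
    ts = created or _now()
    return {
        "type": "indicator",
        "spec_version": "2.1",
        "id": f"indicator--{uuid.uuid4()}",
        "created": ts,
        "modified": ts,
        "name": name,
        "pattern_type": "stix",
        "pattern": pattern,
        "valid_from": ts,
    }


def build_sample_bundle() -> dict:
    """Return a STIX 2.1 bundle holding one atomic and one composite indicator."""
    atomic = make_indicator(atomic_ip_pattern(SAMPLE_IP), "Sample C2 address (atomic)")
    composite = make_indicator(composite_pattern(SAMPLE_SHA256, SAMPLE_IP),
                               "Sample dropper then beacon (composite)")
    return {"type": "bundle", "id": f"bundle--{uuid.uuid4()}", "objects": [atomic, composite]}


if __name__ == "__main__":
    print(json.dumps(build_sample_bundle(), indent=2))  # shareable JSON for a TAXII server
```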
24. TAXII
• Trusted Automated eXchange of Indicator Information (TAXII™) is a U.S. Department of Homeland Security (DHS)-led, community-driven effort to standardize the trusted, automated exchange of cyber threat information.