IT Threat Intelligence

This post explores some aspects of threat intelligence in the context of IT security.

Concepts related to IT Threat Intelligence

Tactics, techniques and procedures are commonly referred as TTPs.

IT Thread Modelling

Thread modelling is a process by which potential threats, such as structural vulnerabilities or the absence of appropriate safeguards, can be identified and enumerated, and countermeasures prioritized.

You can read more about threat models on this post.

IT Threat Intelligence Organizations

Organizations reporting threats:

  • MITRE
  • OWASP
  • NIST
  • ENISA

MITRE

MITRE publishes the MITRE ATT&CK threat model. You can read more about threat models like MITRE ATT&CK on this post.

OWASP

Open Web Application Security Project (OWASP)

OWASP official website

NIST

NIST

ENISA

ENISA

IT Threat Intelligence Databases and Reports

Organizations reporting threats:

  • OWASP Top Ten
  • ENISA Thread Landscape (ETL) Report

OWASP Top Ten

OWASP Top Ten represents a broad consensus about the 10 most critical security risks to web applications.

OWASP Top Ten official website

ENISA Thread Landscape (ETL) Report

ENISA published yearly the ENISA Thread Landscape (ETL) report.

Yearly reports:

Threat Intelligence Websites

You can find a list of threat intelligence websites on this post.

Threat Intelligence Tools

Threat intelligence tools featured on this post:

  • Yeti

Yeti

Yeti is a unified platform to consolidate observable indicators of compromise, TTPs and threat-related knowledge.

It is free and open source software (FOSS).

Yeti code repository

Open-source Intelligence

Open-source intelligence (OSINT) is the collection, analysis, and dissemination of information that is publicly available and legally accessible.. You can read more about it on this post.

You might also be interested in…

Leave a Reply

Your email address will not be published. Required fields are marked *