COURSE

Advanced Cyber Threat Intelligence

Course

Do you want to take your cyber threat intelligence skills to the next level so you can better protect your organization? Learn to leverage existing data sources, reduce false positives, and use models like the Cyber Kill Chain, and the MITRE ATT&CK framework to structure your analysis in this Advanced Cyber Threat Intelligence course.
Start Course
Start course for free
Full access included with 
Insider Pro
 and 
Teams

4

H

13

M
Time

advanced

i
Designed for learners who have no prior work experience in IT or Cybersecurity, but are interested in starting a career in this exciting field.
Designed for learners with prior cybersecurity work experience who are interested in advancing their career or expanding their skillset.
Designed for learners with a solid grasp of foundational IT and cybersecurity concepts who are interested in pursuing an entry-level security role.
Experience Level

5

i

Earn qualifying credits for certification renewal with completion certificates provided for submission.
CEU's

Enrollees

Learners at 96% of Fortune 1000 companies trust Cybrary

About this course

Read More

Skills you'll gain

Course Outline

1
Module 1: Introduction
0
H
15
Min
1
Module 2: Collection
1
H
8
Min
1
Module 3: Data Management and Processing
0
H
30
Min
1
Module 4: Analysis
0
H
32
Min
1
Module 5: Campaign Analysis
0
H
32
Min
1
Module 6: Attribution
0
H
38
Min
1
Module 7: Dissemination and Sharing
0
H
29
Min
1
Module 8: Summary
0
H
7
Min
1
Course Assessment
0
H
30
Min

8.1 Summary

Free

7m

7.1 Introduction to Dissemination

Free

7m

6.1 Introduction to Attribution

Free

8m

4.1 Introduction to Analysis

Free

5m

5.1 Introduction to Campaigns

Free

5m

3.1 Introduction to Data Processing

Free

6m

2.1 Introduction to Data Collection

Free

4m

1.1 Course Introduction

Free

8m

7.2 Tactical Intelligence

Free

7m

6.2 Cognitive Biases

Free

6m

3.2 Common CTI Standards Part 1

Free

8m

4.2 Analysis of Competing Hypothesis

Free

8m

5.2 Heatmap Analysis

Free

6m

2.2 Internal Data Acquisition

Free

7m

1.2 Introduction to the Intelligence Lifecycle

Free

7m

7.3 Operational Intelligence

Free

5m

6.3 Logical Fallacies

Free

7m

5.3 Visual Analysis

Free

6m

3.3 Common CTI Standards Part 2

Free

4m

4.3 Cyber Kill Chain and Diamond Model

Free

11m

2.3 External Data Sources

Free

7m

6.4 How to Manage Biases

Free

5m

4.4 Cyber Kill Chain and Courses of Action Matrix

Free

9m

2.4 Private Data Sources Part 1

Free

8m

6.5 Nation-State Attribution Part 1

Free

8m

5.5 Threat Intelligence Naming Conventions

Free

7m

3.5 Threat Intelligence Platforms

Free

9m

2.5 Private Data Sources Part 2

Free

4m

6.6 Nation-State Attribution Part 2

Free

5m

2.6 Community Data Sources

Free

11m

2.7 Public Data Sources Part 1

Free

8m

2.8 Public Data Sources Part 2

Free

3m

2.9 Leveraging OSINT Part 1

Free

10m

2.10 Leveraging OSINT Part 2

Free

7m

Module 1: Introduction
Heading
Module 1: Introduction
1
Hr
5
Min
Module 2: Collection
Heading
Module 1: Introduction
1
Hr
5
Min
Module 3: Data Management and Processing
Heading
Module 1: Introduction
1
Hr
5
Min
Module 4: Analysis
Heading
Module 1: Introduction
1
Hr
5
Min
Module 5: Campaign Analysis
Heading
Module 1: Introduction
1
Hr
5
Min
Module 6: Attribution
Heading
Module 1: Introduction
1
Hr
5
Min
Module 7: Dissemination and Sharing
Heading
Module 1: Introduction
1
Hr
5
Min
Module 8: Summary
Heading
Module 1: Introduction
1
Hr
5
Min
Course Assessment
Heading
Module 1: Introduction
1
Hr
5
Min
8.1 Summary

7m

Module 8: Summary
7.1 Introduction to Dissemination

7m

Module 7: Dissemination and Sharing
6.1 Introduction to Attribution

8m

Module 6: Attribution
4.1 Introduction to Analysis

5m

Module 4: Analysis
5.1 Introduction to Campaigns

5m

Module 5: Campaign Analysis
3.1 Introduction to Data Processing

6m

Module 3: Data Management and Processing
2.1 Introduction to Data Collection

4m

Module 2: Collection
1.1 Course Introduction

8m

Module 1: Introduction
7.2 Tactical Intelligence

7m

Module 7: Dissemination and Sharing
6.2 Cognitive Biases

6m

Module 6: Attribution
3.2 Common CTI Standards Part 1

8m

Module 3: Data Management and Processing
4.2 Analysis of Competing Hypothesis

8m

Module 4: Analysis
5.2 Heatmap Analysis

6m

Module 5: Campaign Analysis
2.2 Internal Data Acquisition

7m

Module 2: Collection
1.2 Introduction to the Intelligence Lifecycle

7m

Module 1: Introduction
7.3 Operational Intelligence

5m

Module 7: Dissemination and Sharing
6.3 Logical Fallacies

7m

Module 6: Attribution
5.3 Visual Analysis

6m

Module 5: Campaign Analysis
3.3 Common CTI Standards Part 2

4m

Module 3: Data Management and Processing
4.3 Cyber Kill Chain and Diamond Model

11m

Module 4: Analysis
2.3 External Data Sources

7m

Module 2: Collection
6.4 How to Manage Biases

5m

Module 6: Attribution
4.4 Cyber Kill Chain and Courses of Action Matrix

9m

Module 4: Analysis
2.4 Private Data Sources Part 1

8m

Module 2: Collection
6.5 Nation-State Attribution Part 1

8m

Module 6: Attribution
Course Description

Cyber threats keep getting more complex and sophisticated and security teams cannot continue playing whack-a-mole. Basic methods and tools are no longer efficient against these emerging threats. This is why moving towards more data driven security is a necessity and of course all of this requires specific skills that you will be learning through this course. This course, Advanced Cyber Threat Intelligence, is built with the intelligence cycle in mind to create a consistent image and a logical sequence of how to build and leverage a Threat Intelligence program.

So, you will be interested to enroll in the course if you already have some basic knowledge about cyber threat intelligence and you are looking for a course to enhance your existing skills, or perhaps you are building a new Cyber Threat Intelligence program for your organization. The advanced Cyber Threat Intelligence course will benefit security practitioners and individuals interested in preventing cyber threats. In this course, we will discuss how Threat Intelligence can help you leverage your existing data sources to extract useful information and how to find complementary information and intelligence from external sources. We will also explain how to get actionable data through the process of vetting and the importance of this task to reduce efforts on false positives investigations.

The next part will be dealing with analysis of intrusion and campaigns. It can help you structure your analysis using models and techniques like the Analysis of Competing Hypotheses, the Cyber Kill Chain and MITRE ATT&CK. A full part will be dedicated to campaign investigation and its sophisticated analysis methods such as Visual analysis and Heatmap analysis. Another interesting part of the analysis is attribution. Working on complex investigations can often lead to create confusion or even push analysts to use shortcuts to come up with conclusions especially related to attribution. At some point, it becomes a handicap to think properly but if the analysts are unable to identify these issues, they won’t be able to defeat them. For this reason, one of the modules will discuss biases and logical errors identification and giving advice on how to manage them.

And finally, one of the key concepts of Cyber Threat Intelligence is dissemination. Therefore, it is essential to choose the right format of intelligence to share based on your targeted audience (tactical, operational, strategic).

Prerequisites

  • Familiar with networking essentials
  • Familiar with security terminology (Firewall, SIEM, IPS, …)
  • Complete the “Intro to Cyber Threat Intelligence” course
  • Basic OSINT knowledge
  • Basic understanding of the Cyber Kill Chain
  • Basic understanding of data analysis

    • Course Goals

    By the end of this course, students should be able to:

  • Run a threat intelligence program for an organization
  • Collect and select relevant intelligence to enhance detection and response
  • Analyze a campaign using ACH
  • Understand the mindset of modern attackers and adapt detection & response strategies based on Cyber Threat Intelligence analysis
  • Challenge and manage biases in intrusion analysis
  • Provide actionable advice about emerging threats
    • Build and disseminate threat intelligence reports based on the intended audience

    Train Your Team

    Cybrary’s expert-led cybersecurity courses help your team remediate skill gaps and get up-to-date on certifications. Utilize Cybrary to stay ahead of emerging threats and provide team members with clarity on how to learn, grow, and advance their careers within your organization.

    Cybrary For Business

    Included in a Path

    Included Cert Path

    Instructors

    Alyssa Berriche
    Read Full Bio
    Learn

    Learn core concepts and get hands-on with key skills.

    Practice

    Exercise your problem-solving and creative thinking skills with security-centric puzzles

    Prove

    Assess your knowledge and skills to identify areas for improvement and measure your growth

    Get Hands-on Learning

    Put your skills to the test in virtual labs, challenges, and simulated environments.

    Measure Your Progress

    Track your skills development from lesson to lesson using the Cybrary Skills Tracker.

    Connect with the Community

    Connect with peers and mentors through our supportive community of cybersecurity professionals.

    Success from Our Learners

    "Cybrary really helped me get up to speed and acquire a baseline level of technical knowledge. It offers a far more comprehensive approach than just learning from a book. It actually shows you how to apply cybersecurity processes in a hands-on way"

    Don Gates

    Principal Systems Engineer/SAIC

    "Cybrary’s SOC Analyst career path was the difference maker, and was instrumental in me landing my new job. I was able to show the employer that I had the right knowledge and the hands-on skills to execute the role."

    Cory

    Cybersecurity analyst/

    "I was able to earn my CISSP certification within 60 days of signing up for Cybrary Insider Pro and got hired as a Security Analyst conducting security assessments and penetration testing within 120 days. This certainly wouldn’t have been possible without the support of the Cybrary mentor community."

    Mike

    Security Engineer and Pentester/

    "Cybrary really helped me get up to speed and acquire a baseline level of technical knowledge. It offers a far more comprehensive approach than just learning from a book. It actually shows you how to apply cybersecurity processes in a hands-on way"

    Don Gates

    Principal Systems Engineer/SAIC

    "Cybrary’s SOC Analyst career path was the difference maker, and was instrumental in me landing my new job. I was able to show the employer that I had the right knowledge and the hands-on skills to execute the role."

    Cory

    Cybersecurity analyst/

    "I was able to earn my CISSP certification within 60 days of signing up for Cybrary Insider Pro and got hired as a Security Analyst conducting security assessments and penetration testing within 120 days. This certainly wouldn’t have been possible without the support of the Cybrary mentor community."

    Mike

    Security Engineer and Pentester/

    "Becoming a Cybrary Insider Pro was a total game changer. Cybrary was instrumental in helping me break into cybersecurity, despite having no prior IT experience or security-related degree. Their career paths gave me clear direction, the instructors had real-world experience, and the virtual labs let me gain hands-on skills I could confidently put on my resume and speak to in interviews."

    Cassandra

    Information Security Analyst/Cisco Systems

    "I was able to earn both my Security+ and CySA+ in two months. I give all the credit to Cybrary. I’m also proud to announce I recently accepted a job as a Cyber Systems Engineer at BDO... I always try to debunk the idea that you can't get a job without experience or a degree."

    Casey

    Cyber Systems Engineer/BDO

    "Cybrary has helped me improve my hands-on skills and pass my toughest certification exams, enabling me to achieve 13 advanced certifications and successfully launch my own business. I love the practice tests for certification exams, especially, and appreciate the wide-ranging training options that let me find the best fit for my goals"

    Angel

    Founder,/ IntellChromatics.

    courses

    Advanced Cyber Threat Intelligence

    Do you want to take your cyber threat intelligence skills to the next level so you can better protect your organization? Learn to leverage existing data sources, reduce false positives, and use models like the Cyber Kill Chain, and the MITRE ATT&CK framework to structure your analysis in this Advanced Cyber Threat Intelligence course.
    4
    Share
    Start CourseSubscribe for UpdatesNeed to train your team? Learn more
    Start Course for FreeNeed to train your team? Learn more
    4
    13
    M
    Time
    advanced
    difficulty
    5
    ceu/cpe

    Course Content

    Course Description

    Cyber threats keep getting more complex and sophisticated and security teams cannot continue playing whack-a-mole. Basic methods and tools are no longer efficient against these emerging threats. This is why moving towards more data driven security is a necessity and of course all of this requires specific skills that you will be learning through this course. This course, Advanced Cyber Threat Intelligence, is built with the intelligence cycle in mind to create a consistent image and a logical sequence of how to build and leverage a Threat Intelligence program.

    So, you will be interested to enroll in the course if you already have some basic knowledge about cyber threat intelligence and you are looking for a course to enhance your existing skills, or perhaps you are building a new Cyber Threat Intelligence program for your organization. The advanced Cyber Threat Intelligence course will benefit security practitioners and individuals interested in preventing cyber threats. In this course, we will discuss how Threat Intelligence can help you leverage your existing data sources to extract useful information and how to find complementary information and intelligence from external sources. We will also explain how to get actionable data through the process of vetting and the importance of this task to reduce efforts on false positives investigations.

    The next part will be dealing with analysis of intrusion and campaigns. It can help you structure your analysis using models and techniques like the Analysis of Competing Hypotheses, the Cyber Kill Chain and MITRE ATT&CK. A full part will be dedicated to campaign investigation and its sophisticated analysis methods such as Visual analysis and Heatmap analysis. Another interesting part of the analysis is attribution. Working on complex investigations can often lead to create confusion or even push analysts to use shortcuts to come up with conclusions especially related to attribution. At some point, it becomes a handicap to think properly but if the analysts are unable to identify these issues, they won’t be able to defeat them. For this reason, one of the modules will discuss biases and logical errors identification and giving advice on how to manage them.

    And finally, one of the key concepts of Cyber Threat Intelligence is dissemination. Therefore, it is essential to choose the right format of intelligence to share based on your targeted audience (tactical, operational, strategic).

    Prerequisites

  • Familiar with networking essentials
  • Familiar with security terminology (Firewall, SIEM, IPS, …)
  • Complete the “Intro to Cyber Threat Intelligence” course
  • Basic OSINT knowledge
  • Basic understanding of the Cyber Kill Chain
  • Basic understanding of data analysis

    • Course Goals

    By the end of this course, students should be able to:

  • Run a threat intelligence program for an organization
  • Collect and select relevant intelligence to enhance detection and response
  • Analyze a campaign using ACH
  • Understand the mindset of modern attackers and adapt detection & response strategies based on Cyber Threat Intelligence analysis
  • Challenge and manage biases in intrusion analysis
  • Provide actionable advice about emerging threats
    • Build and disseminate threat intelligence reports based on the intended audience

    This course is part of a Career Path:
    Become a SOC Analyst - Level 2
    This Career Path is for a Security Operations Center Analyst (SOC Analyst). This particular Career Path covers a more intermediate-level SOC role. As a SOC Analyst, your primary duty is to ensure that the organization’s digital assets are secure and protected from unauthorized access. That means that you are responsible for protecting both online and on-premise infrastructures, monitoring data to identify suspicious activity, and identifying and mitigating risks before there is a breach. In the event that a breach does occur, a SOC analyst will be on the front line, working to counter the attack. This career path is aligned to the Cyber Defense Incident Responder NICE/NIST Work Role.

    Instructed by

    Provider
    Cybrary Logo
    Certification Body
    Certificate of Completion

    Complete this entire course to earn a Advanced Cyber Threat Intelligence Certificate of Completion

    Coming mid-July
    Cybrary Reimagined.
    Level up with structured, role-aligned career paths.
    ALL NEW!
    Cybrary Reimagined.
    Celebrate Cybersecurity Awareness Month with our buy 2, get 1 offer!
    Level up with structured, role-aligned career paths.
    Valid until October 31. Elevate your skills today!
    Start Now
    This is the default text value
    career-paths
    career-path

    Heading

    Heading 1

    Heading 2

    Heading 3

    Heading 4

    Heading 5
    Heading 6

    Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur.

    Block quote

    Ordered list

    1. Item 1
    2. Item 2
    3. Item 3

    Unordered list

    • Item A
    • Item B
    • Item C

    Text link

    Bold text

    Emphasis

    Superscript

    Subscript

    Start CourseNeed to train your team? Learn More
    Start Path for FreeNeed to train your team? Learn More
    This is some text inside of a div block.
    Share

    Purpose Statement

    Cybrary Career Paths are comprehensive training programs designed to prepare you for the most in-demand roles in the cybersecurity workforce. Each path follows a Learn, Practice, Prove model and includes different activity types aligned to key topics within the path’s security domain. As you progress through the path, your progress will be measured in real time using Experience Points (XP) that serve as a comprehensive capability score for each topic. Upon completing all of the requirements for a path, you will be rewarded with a shareable digital badge via Credly.
    This is some text inside of a div block.
    This is some text inside of a div block.
    M
    Time
    This is some text inside of a div block.
    difficulty
    This is some text inside of a div block.
    ceu/cpe

    Overview

    Heading 1

    Heading 2

    Heading 3

    Heading 4

    Heading 5
    Heading 6

    Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur.

    Block quote

    Ordered list

    1. Item 1
    2. Item 2
    3. Item 3

    Unordered list

    • Item A
    • Item B
    • Item C

    Text link

    Bold text

    Emphasis

    Superscript

    Subscript

    Frequently Asked Questions
    No items found.
    What Will I Learn?
    Foundations
    Focused on the core IT competencies that cybersecurity professionals need to succeed in any career path.
    Defensive Security
    Focused on trying to find the bad guys. Topics such as threat intelligence, threat hunting, network monitoring, incident response. Defensive security is a reactive measure taken once a vulnerability is found through prevention, detection, and response.
    Engineering and Operations
    Focused on building and operating information systems.
    Governance, Risk, and Compliance
    Focused on the core IT competencies that cybersecurity professionals need to succeed in any career path.
    Leadership and Management
    Focused on program design and oversight. Covers project and program management.
    Offensive Security
    Focused on validating security controls by trying to break them (i.e. penetration testing or ethical hacking). Topics such as Kali Linux, metasploit, scanning, and privilege escalation. Offensive security seeks out the problem or vulnerability through ethical hacking and finds a solution to disable the operation.
    Offensive Security
    Focused on the core IT competencies that cybersecurity professionals need to succeed in any career path.
    Path Outline

    Heading 1

    Heading 2

    Heading 3

    Heading 4

    Heading 5
    Heading 6

    Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur.

    Block quote

    Ordered list

    1. Item 1
    2. Item 2
    3. Item 3

    Unordered list

    • Item A
    • Item B
    • Item C

    Text link

    Bold text

    Emphasis

    Superscript

    Subscript

    Course Outline

    What Our Learners Are Saying

    Join 3 million+ users, including 96% of Fortune 1000 companies who use our platform to upskill their teams. See what the buzz is about - start learning for free!

    No items found.
    This is some text inside of a div block.
    threat-actor-campaigns
    threat-actor-campaigns