Time
4 hours 42 minutes
Difficulty
Advanced
CEU/CPE
5

Video Transcription

00:00
Hello, this is Anne, said British. Welcome again to the Advance it Cyber Threat Intelligence Course. This is the first module data collection. First lesson. What is data collection?
00:12
In this video, we will dip dive into data collection. We will start with defining what is data collection, and then we will detain the different types off data collection sources.
00:28
Now let's start the definition off Collection collection is the process off gathering data and information to address intelligence requirements and objectives that were defined during the planning and direction face off the intelligence life cycle.
00:48
The data collected can be a finish. Its intelligence like intelligence reports from vendors or reports from cyber security blocks
00:58
or
00:59
road data from different sources off logs like firewall in points I ps et cetera, or damps, for example, based website.
01:11
I have a three recommendation about data collection. The 1st 1 is
01:19
in order to get a full picture about threats. Collecting data from one source is not sufficient. So basically, the more data you collect, the more evidence you will get in order to make assessment. But hold on
01:37
data needs to be relevant. Otherwise, these can slow down your investigations and coz knowledge, knowledge, gaps, so quality matters as much as quantity.
01:52
Data collection
01:53
is also a time consuming task, so my recommendation here is automation. Automate as much as you can from the collection face so you can save a lot of time for Britain and analyzes.
02:08
Now let's move to the types off collection sources I can divide. Ah, the collection sources in tow, ju B categories, internal data sources and external ones.
02:22
Let's start with the internal sources. We can find different types off internal sources. We can find logs or more known as road data.
02:34
Also, vulnerability scan results we can. We can also find network capture tools or internal data basis. We can also find internal threats, reports from previous investigations or indicators off compromises or IOC's
02:52
ah, save it into SIM or, um threat, intelligence platform or even flat databases
02:59
and storied from previous investigations or previous cases
03:05
for the external sources, there are a lot of types. Ah, we can, um, we can say there are threatened thread data feuds or sent social media,
03:16
cyber security, blog's and threat reports shared by security experts or security vendors
03:25
Threat actor forums on the dark Web.
03:29
Let's summarize video. This is the first lesson in the first Model data collection. We started with data with the finding data collection face, then the different categories off collection sources. And then we gave We gave summer recommendation about data collection,
03:50
like collecting data from one source is not sufficient. Quality matters as much as quality and automation can save a lot of time for analysis. Face
04:02
This is it for this video and the next video, we'll dig more into the internal data sources. See you there.

Up Next

Advanced Cyber Threat Intelligence

Advanced Cyber Threat Intelligence will benefit security practitioners interested in preventing cyber threats. Learn how to leverage your existing data sources to extract useful information and find complementary information from external sources.

Instructed By

Instructor Profile Image
Alyssa Berriche
Instructor