2.1 Introduction to Data Collection

00:00

Hello, this is Anne, said British. Welcome again to the Advance it Cyber Threat Intelligence Course. This is the first module data collection. First lesson. What is data collection?

00:12

In this video, we will dip dive into data collection. We will start with defining what is data collection, and then we will detain the different types off data collection sources.

00:28

Now let's start the definition off Collection collection is the process off gathering data and information to address intelligence requirements and objectives that were defined during the planning and direction face off the intelligence life cycle.

00:48

The data collected can be a finish. Its intelligence like intelligence reports from vendors or reports from cyber security blocks

00:58

or

00:59

road data from different sources off logs like firewall in points I ps et cetera, or damps, for example, based website.

01:11

I have a three recommendation about data collection. The 1st 1 is

01:19

in order to get a full picture about threats. Collecting data from one source is not sufficient. So basically, the more data you collect, the more evidence you will get in order to make assessment. But hold on

01:37

data needs to be relevant. Otherwise, these can slow down your investigations and coz knowledge, knowledge, gaps, so quality matters as much as quantity.

01:52

Data collection

01:53

is also a time consuming task, so my recommendation here is automation. Automate as much as you can from the collection face so you can save a lot of time for Britain and analyzes.

02:08

Now let's move to the types off collection sources I can divide. Ah, the collection sources in tow, ju B categories, internal data sources and external ones.

02:22

Let's start with the internal sources. We can find different types off internal sources. We can find logs or more known as road data.

02:34

Also, vulnerability scan results we can. We can also find network capture tools or internal data basis. We can also find internal threats, reports from previous investigations or indicators off compromises or IOC's

02:52

ah, save it into SIM or, um threat, intelligence platform or even flat databases

02:59

and storied from previous investigations or previous cases

03:05

for the external sources, there are a lot of types. Ah, we can, um, we can say there are threatened thread data feuds or sent social media,

03:16

cyber security, blog's and threat reports shared by security experts or security vendors

03:25

Threat actor forums on the dark Web.

03:29

Let's summarize video. This is the first lesson in the first Model data collection. We started with data with the finding data collection face, then the different categories off collection sources. And then we gave We gave summer recommendation about data collection,

03:50

like collecting data from one source is not sufficient. Quality matters as much as quality and automation can save a lot of time for analysis. Face