Learning is Better with Friends
Invite your friends to enjoy free, online cyber security and IT video courses
< Back to Threat Intelligence

Module 1 - Introduction

Module 2 - Intelligence Foundations

Module 3 - CTI Perceptions

Module 4 - Tactical Threat Intelligence

Module 5 - Operational Threat Intelligence

Module 6 - Strategic Threat Intelligence

Module 7 - The Cyber Kill Chain

Module 8 - Tactical Threat Intelligence Requirements

Module 9 - Cyber Kill Chain Analysis

Module 10 - Cyber Kill Chain Management

Module 11 - Using Open Source Intelligence

Module 12 - Summary

Intelligence Foundations – Foundations and Lifecycle

FacebookTwitterGoogle+LinkedInEmail
Learning should be free
Cybrary's open source learning community and hands on marketplace enables you to earn new skills and collaborate in an engaging and rewarding way. Join the other 1,565,841 IT professionals today to get free access to
  • Unlimited Free and Open Source Cyber Security Learning
  • CEU/CPE Certificates of Completion
  • Innovative Micro-Certifications
  • Over 200 Certification-based Practice Labs and Practice Tests
  • And much more!
Join Cybrary for Free
Already a member?
Login to view this lesson
Description
Virtual Practice Lab
Practice Test
Resources
Intelligence Foundations – Foundations and Lifecycle

The first step in responding to a cyber attack is gathering evidence (intelligence) during all phases of an attack from multiple data sources. In this video we’ll examine the foundations and lifecycle of intelligence gathering focusing on the following areas:

  • IoA (Indicators of Attack) – continuous monitoring of a wide range of things from the physical to server performance problems to suspicious network activity.
  • IoC (Indicators of Compromise) – direct evidence of a compromise such as permission changes, data exfiltration and hiding, AV disabling, and firewall rule changes.
  • TTPs (Tactics, Techniques, and Procedures) – operational taks indicating a problem such as a procedure that no longer works.
  • CRITs (Collaborative Research into Threats) – open source databases containing malware repositories such as the MITRE webpage.
  • Raw data vs. aggregated data – raw data from network devices of a threat feed is typically in no usable form and must be examined and filtered through other processes to be meaningful. Aggregated data is pieced together from various sources. Alone may not be suspicious, but when aggregated may tell a different story.
  • SIEM (Security Information and Event Management) – devices used to monitor and log events. Must be tuned to minimize false positives.
  • IDPS (Intrusion Detection/Prevention System) – devices to detect and prevent attacks respectively. Typically located at firewalls.

 

Coming Soon
Learn on the go.
The app designed for the modern cyber security professional.
Get it on Google PlayGet it on the App Store
Hands On Lab
Verified
Microsoft Designing Business Intelligence Solutions with Microsoft SQL Server Virtual Lab
Prove your capabilities as an exceptionally skilled enterprise professional and work hands- on using Microsoft SQL Server 2012 databases. In the Microsoft 70-467 Virtual Lab, learn to effectively plan business intelligence (BI) infrastructure, design BI infrastructu
24 Hours
Practice Test
Verified
Microsoft 70-467: Designing Business Intelligence Solutions with Microsoft SQL Server
Prove your capabilities as an exceptionally skilled enterprise professional and learn to work more efficiently using Microsoft SQL Server databases.
22 Hours
Recommended Study Material

Recorded Future Cyber Daily

 

 

With new threats lurking around every corner, you need to be prepared. Join thousands of your infosec peers and subscribe to the Cyber Daily for free trending threat intelligence insights.

 

 

Practice Labs and Exam Vouchers

Congratulations! You're taking the first step to getting certified. Get some hands on experience with available practice labs OR save some money, support Cybrary, and purchase discounted exam vouchers. Ready to earn your next industry certification? Join cyber security's largest community and start learning today.

JOIN CYBRARY

Our Revolution

We believe Cyber Security training should be free, for everyone, FOREVER. Everyone, everywhere, deserves the OPPORTUNITY to learn, begin and grow a career in this fascinating field. Therefore, Cybrary is a free community where people, companies and training come together to give everyone the ability to collaborate in an open source way that is revolutionizing the cyber security educational experience.

Cybrary On The Go

Get the Cybrary app for Android for online and offline viewing of our lessons.

Get it on Google Play
 

Support Cybrary

Donate Here to Get This Month's Donor Badge

 

Cybrary|0P3N

Profile image for 000harwinder000
Harwinder Singh
NSA | Crypto Challenge of the Week | Week 16
Views: 89 / April 22, 2018
Profile image for bisoye
Bisoye
Step into Cyber Security
Views: 137 / April 22, 2018
Profile image for thomassujain
thomassujain
The Importance of jQuery Mobile in 2018
Views: 115 / April 22, 2018
Profile image for rowabi
rowabi
HoneyBOT
Views: 763 / April 21, 2018
Skip to toolbar

We recommend always using caution when following any link

Are you sure you want to continue?

Continue
Cancel