What is threat intelligence?

Actionable security data.


Term graph for "What is threat-intelligence?": prerequisite terms are cybersecurity (/terms/cybersecurity) and malware-analysis (/terms/malware-analysis); related terms are incident-response (/terms/incident-response), security-operations-center-soc (/terms/security-operations-center-soc) and digital-forensics (/terms/digital-forensics).

🧒 Explain like I'm 5

🕵️ Knowing your enemy—what they want, how they attack, and what tools they use—so you can stop them before they even try.

🤓 Expert Deep Dive

## The Pyramid of Pain
In threat intelligence, blocking a hash is easy for the defender but trivial for the attacker to bypass. Moving up the pyramid to IP addresses, domain names, and finally TTPs (Tactics, Techniques, and Procedures) makes the defender's job harder but causes 'pain' for the attacker, who is forced to reinvent their entire methodology.
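The sketch below is an added example, not part of the original page: it matches two constructed intrusion events against intel stored at each pyramid level named above, to show which detections survive once the cheap indicators are rotated. All payloads, addresses, domains and process names are constructed sample values, and the function and variable names are hypothetical.

```python
import hashlib

# Constructed sample data: nothing here comes from a real campaign.
def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

PAYLOAD_V1 = b"constructed-sample-payload"
PAYLOAD_V2 = PAYLOAD_V1 + b"\x00"  # rebuilt sample: one byte differs, behaviour unchanged

# Intel recorded from the first intrusion, one entry per pyramid level.
INTEL = {
    "hash": {sha256(PAYLOAD_V1)},
    "ip": {"192.0.2.10"},                        # RFC 5737 documentation range
    "domain": {"updates.example.net"},           # reserved example domain
    "ttp": {("winword.exe", "powershell.exe")},  # office app spawning a script host
}

def event(payload, ip, domain, parent, child):
    """Build one observed event with a field for each pyramid level."""
    return {"hash": sha256(payload), "ip": ip, "domain": domain,
            "ttp": (parent, child)}

FIRST = event(PAYLOAD_V1, "192.0.2.10", "updates.example.net",
              "winword.exe", "powershell.exe")
# Second intrusion: hash, IP and domain were rotated, the methodology was not.
SECOND = event(PAYLOAD_V2, "198.51.100.7", "cdn.example.org",
               "winword.exe", "powershell.exe")

LEVELS = ["hash", "ip", "domain", "ttp"]  # bottom to top, as listed on the page

def matching_levels(ev, intel=INTEL):
    """Return the pyramid levels at which this event matches stored intel."""
    return [lvl for lvl in LEVELS if ev[lvl] in intel[lvl]]

if __name__ == "__main__":
    for name, ev in (("first", FIRST), ("second", SECOND)):
        print(name, matching_levels(ev))
```

Only the TTP-level rule still fires on the second event, which is why detections written against behaviour outlast blocklists of hashes, addresses and domains.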
