Threat Intelligence Platforms

Threat Intelligence Platforms (TIPs):

  • Definition: TIPs are software tools that organize multiple threat intelligence feeds into a single stream. They help you get alerts and manipulate data efficiently.

Who Uses TIPs:

  1. Security Operations Center (SOC) Teams: They use TIPs to automate daily tasks.

  2. Threat Intelligence Teams: They use TIPs to assess and predict threats based on enriched data.

  3. Executive and Management Teams: They use TIPs for dashboards that display threat trends to aid decision-making.

Common Capabilities:

  1. Collect: TIPs automatically gather data from various sources (open source, paid feeds, reports, etc.).

  2. Manage: TIPs process data by sorting, normalizing, deduplicating, and enriching it, freeing analysts to focus on analysis.

  3. Integrate: TIPs deliver processed data to systems that use it to improve threat detection.
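The Manage step above (normalize, deduplicate, sort), shown as an added Python example that is not from the original page or from any TIP's code base. The feed names, the `indicator` and `seen` fields, and the `normalize` and `merge` functions are assumptions made for illustration, the sample entries are constructed, and enrichment is left out.

```python
import ipaddress
import re

# Constructed sample feeds: documentation-range IPs and example.* names only.
FEEDS = {
    "feed_a": [
        {"indicator": "192.0.2.10", "seen": "2024-01-05"},
        {"indicator": "Bad.Example[.]com", "seen": "2024-01-03"},
    ],
    "feed_b": [
        {"indicator": " 192.0.2.10 ", "seen": "2024-01-02"},
        {"indicator": "bad.example.com.", "seen": "2024-01-07"},
        {"indicator": "hxxp://files.example[.]net/a", "seen": "2024-01-06"},
        {"indicator": "not an indicator", "seen": "2024-01-06"},
    ],
}
DOMAIN_RE = re.compile(r"^(?=.{1,253}$)([a-z0-9-]{1,63}\.)+[a-z]{2,63}$")

def normalize(raw):
    """Return (type, canonical value), or None if the entry is unusable."""
    # Undo common defanging so the same indicator compares equal across feeds.
    value = raw.strip().replace("[.]", ".").replace("hxxp", "http", 1)
    try:
        return "ip", str(ipaddress.ip_address(value))
    except ValueError:
        pass
    if re.match(r"^https?://\S+$", value, re.IGNORECASE):
        return "url", value
    host = value.lower().rstrip(".")
    return ("domain", host) if DOMAIN_RE.match(host) else None

def merge(feeds):
    """Collapse all feeds into one sorted stream keyed by (type, value)."""
    merged, rejected = {}, []
    for source, entries in feeds.items():
        for entry in entries:
            key = normalize(entry["indicator"])
            if key is None:
                rejected.append((source, entry["indicator"]))  # keep for review
                continue
            rec = merged.setdefault(key, {
                "type": key[0], "value": key[1], "sources": set(),
                "first_seen": entry["seen"], "last_seen": entry["seen"]})
            rec["sources"].add(source)
            # ISO 8601 dates order correctly when compared as strings.
            rec["first_seen"] = min(rec["first_seen"], entry["seen"])
            rec["last_seen"] = max(rec["last_seen"], entry["seen"])
    stream = sorted(merged.values(), key=lambda r: (r["type"], r["value"]))
    return stream, rejected
```

Keeping the contributing sources on each merged record preserves which feeds corroborate an indicator, and the rejected list shows which feed entries failed parsing instead of dropping them silently.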

Examples of TIPs:

  • OTX (Open Threat Exchange): A community platform sharing millions of threats daily.

  • MISP (Malware Information Sharing Platform): An open-source platform for sharing and correlating indicators of compromise.

  • CRITS (Collaborative Research into Threats): An open-source repository for storing and discovering threat data.

  • ThreatConnect: Offers both free and paid platforms with features like orchestration and customizable dashboards.

  • STAXX: An open-source platform compatible with STIX and TAXII standards, providing threat trends and enrichment.