{"id":20493860,"url":"https://github.com/qeeqbox/threat-intelligence","last_synced_at":"2026-02-06T07:04:48.229Z","repository":{"id":104219198,"uuid":"525646685","full_name":"qeeqbox/threat-intelligence","owner":"qeeqbox","description":"Threat intelligence or Cyber Threat Intelligence is the process of identifying and analyzing gathered information about past, current, and future cyber threats (Collecting information about a potential threat, then analyzing that information to learn more about the negative events)","archived":false,"fork":false,"pushed_at":"2024-02-18T18:01:28.000Z","size":187,"stargazers_count":9,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-01-16T05:55:51.033Z","etag":null,"topics":["cycle","infosecsimplified","qeeqbox","threat-intelligence"],"latest_commit_sha":null,"homepage":"","language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"agpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/qeeqbox.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null}},"created_at":"2022-08-17T05:05:16.000Z","updated_at":"2024-10-03T22:11:58.000Z","dependencies_parsed_at":null,"dependency_job_id":"e9f236d2-658b-44c3-bfcc-9cbaa65abc7a","html_url":"https://github.com/qeeqbox/threat-intelligence","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/qeeqbox%2Fthreat-intelligence","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/qeeqbox%2Fthreat-intelligence/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repo
sitories/qeeqbox%2Fthreat-intelligence/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/qeeqbox%2Fthreat-intelligence/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/qeeqbox","download_url":"https://codeload.github.com/qeeqbox/threat-intelligence/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":242075451,"owners_count":20068225,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cycle","infosecsimplified","qeeqbox","threat-intelligence"],"created_at":"2024-11-15T17:37:10.040Z","updated_at":"2026-02-06T07:04:48.180Z","avatar_url":"https://github.com/qeeqbox.png","language":null,"funding_links":[],"categories":[],"sub_categories":[],"readme":"\u003cp align=\"center\"\u003e \u003cimg src=\"https://raw.githubusercontent.com/qeeqbox/threat-intelligence/main/threat-intelligence.png\"\u003e\u003c/p\u003e\n\n### Threat Intelligence\n\nThreat intelligence, or Cyber Threat Intelligence (CTI), is the process of collecting and analyzing information about past, current, and future cyber threats (collecting information about a potential threat, then analyzing that information to understand the adversary, their capabilities, and the harm they can cause)\n\n* * *\n\n### Threat Intelligence Types\n\n*   Tactical Threat Intelligence\n    *   Addresses the what (Focuses on threat actor tactics, techniques, and procedures (TTPs) and the technical indicators of compromise that reveal them)\n        *   Scenario\n            *   You receive malware alerts from a Threat Intelligence Platform (TIP); the signatures are ingested automatically by the endpoint security server, which pushes the new signatures 
to endpoint clients\n        *   Examples  \n            *   Malware hashes\n            *   URLs\n            *   IPs\n        *   Collected from\n            *   Dark web\n            *   Public reports\n        *   Used for  \n            *   SIEM\n            *   Firewall\n            *   Endpoints\n            *   IDS/IPS\n            *   SOC\n*   Operational Threat Intelligence\n    *   Addresses the how and where (Focuses on how and where a threat happened or is expected to happen: the campaign, the capabilities used, and the timing)\n        *   Scenario\n            *   You receive an alert about a newly discovered MFA bypass vulnerability in a specific product. The product is in use at the company you work for, so you patch the vulnerability and keep an eye on it by creating detection rules for exploitation attempts\n        *   Collected from\n            *   Dark web forums\n            *   Private forums\n            *   Social networks\n        *   Used by  \n            *   Defenders\n            *   Malware Analysts\n            *   IR\n            *   SOC\n            *   CISO\n            *   CIO\n        *   Used for\n            *   Prevent or respond to attacks\n            *   Identify possible attacks\n            *   Prioritize updates\n            *   Gain a deep understanding of attacks\n*   Strategic Threat Intelligence\n    *   Addresses the who and why (Focuses on identifying the threat actor behind the threat and why the organization is being targeted)\n        *   Scenario\n            *   You receive an alert about a ransomware gang targeting higher education institutions; you work for a higher education institution and could be a target of that gang, so the institution decides to implement stronger access controls. 
Later, you learn that the ransomware gang failed to breach the institution because of the new controls\n        *   Examples\n            *   CISA Alert about a threat actor\n        *   Used by\n            *   The board\n            *   Executives\n            *   C-Level\n        *   Used for  \n            *   Make informed investment decisions\n            *   Manage risk strategies and investments based on the cyber threat landscape\n\n* * *\n\n### Threat Intelligence Steps\n\n#### Planning \u0026 Direction\n\nDefine the scope and goals of the threat intelligence program (which questions need to be answered and which data has to be obtained to answer them)\n\n#### Collection\n\nCollect data from multiple sources\n\n*   Open Source Intelligence (OSINT)\n    *   Intelligence collected from publicly available sources, free tools, or resources\n*   Social Media Intelligence (SOCMINT)\n    *   Intelligence collected from social media platforms\n*   Human Intelligence (HUMINT)\n    *   Intelligence collected and provided by human sources\n*   Geospatial Intelligence (GEOINT)\n    *   Intelligence collected from image analysis and data associated with a particular location\n*   Measurement and Signature Intelligence (MASINT)\n    *   Intelligence collected from quantitative and qualitative data about a specific target (requires specialised sensors and equipment to obtain)\n*   Technical Intelligence (TECHINT)\n    *   Intelligence collected from the analysis of an adversary's equipment, technology, and materiel\n*   Signals Intelligence (SIGINT)\n    *   Intelligence collected from electronic signals and systems\n*   Imagery Intelligence (IMINT)\n    *   Intelligence collected through the interpretation or analysis of imagery, infrared, lasers, multi-spectral sensors, or radar\n*   Financial Intelligence (FININT)\n    *   Intelligence collected about suspicious or unusual financial activities\n\n#### Processing\n\nConvert the gathered raw data into a readable/usable format (normalize and deduplicate the indicators, remove false positives, and structure the data)\n\n#### Analysis \u0026 
Production\n\nEvaluate the structured data and produce actionable intelligence based on the requirements specified in the Planning step\n\n#### Dissemination \u0026 Feedback\n\nShare the finished intelligence output with the appropriate stakeholders in a form they can act on, and collect their feedback to refine the next Planning \u0026 Direction step\n\n* * *\n\n### Threat Intelligence Feeds\n\nExternal streams of data about potential or current threats (typically indicators such as hashes, IPs, domains, and URLs); these feeds can be ingested into security tools and platforms to detect or block a threat.\n\n## ID\nfe47147d-35bb-4d54-b2e2-0299050a6ceb\n\n## References\n- https://en.wikipedia.org/wiki/Threat_intelligence\n- https://en.wikipedia.org/wiki/List_of_intelligence_gathering_disciplines\n- https://csrc.nist.gov/glossary/term/threat_intelligence\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fqeeqbox%2Fthreat-intelligence","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fqeeqbox%2Fthreat-intelligence","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fqeeqbox%2Fthreat-intelligence/lists"}
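The Processing step and the Threat Intelligence Feeds section above describe turning a raw feed into indicators a SIEM or endpoint tool can match on. The script below is an added example, not code from the qeeqbox/threat-intelligence README or any vendor feed: it ingests a constructed CSV-style feed (mixed-case hashes, defanged URLs and domains, duplicates from several sources, and a private IP that a real feed would flag only as noise), normalizes and deduplicates the indicators, drops the entry that could only produce false positives, and then runs the result over a few constructed proxy and EDR log lines. The feed format, the indicator types, the log layout and all values are assumptions made for the example.

```python
import ipaddress
import re
import urllib.parse
from dataclasses import dataclass

# Constructed sample feed (hypothetical, not from any real provider):
# one indicator per line, "type,value,source".
SAMPLE_FEED = """\
# type,value,source
sha256,E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,osint-report
sha256,e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855,dark-web
ip,203.0.113.45,private-forum
ip,10.0.0.5,misconfigured-sensor
url,hxxp://malicious[.]example/payload.bin,osint-report
domain,malicious[.]example,social-media
domain,MALICIOUS.EXAMPLE,dark-web
"""

# Constructed sample log lines (hypothetical proxy and EDR formats).
SAMPLE_LOGS = [
    "2024-02-18T18:01:28Z proxy src=192.168.1.20 dst=203.0.113.45 host=malicious.example path=/payload.bin",
    "2024-02-18T18:02:01Z proxy src=192.168.1.21 dst=198.51.100.7 host=example.org path=/",
    "2024-02-18T18:03:44Z edr host=WS-17 file=C:\\Temp\\a.exe sha256=e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
    "2024-02-18T18:04:00Z proxy src=10.0.0.5 dst=10.0.0.6 host=intranet.local path=/",
]

# Address ranges that can never be an external attacker's address; an "ip"
# indicator inside them would only generate false positives in a SIEM.
NON_ROUTABLE = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16", "0.0.0.0/8")]


@dataclass(frozen=True)
class Indicator:
    kind: str   # sha256 | ip | domain | url
    value: str  # canonical form


def refang(value: str) -> str:
    """Undo the common defanging conventions (hxxp, [.], [:]) used in shared reports."""
    v = value.strip()
    v = re.sub(r"^hxxp", "http", v, flags=re.IGNORECASE)
    return v.replace("[.]", ".").replace("(.)", ".").replace("[:]", ":")


def normalize(kind: str, raw: str) -> list[Indicator]:
    """Return the canonical indicator(s) for a feed entry, or [] if it is unusable or noise."""
    kind = kind.strip().lower()
    v = refang(raw)
    if kind == "sha256":
        v = v.lower()
        return [Indicator("sha256", v)] if re.fullmatch(r"[0-9a-f]{64}", v) else []
    if kind == "ip":
        try:
            addr = ipaddress.ip_address(v)
        except ValueError:
            return []
        if any(addr in net for net in NON_ROUTABLE):
            return []  # false-positive generator: drop it during Processing
        return [Indicator("ip", str(addr))]
    if kind == "domain":
        v = v.lower().rstrip(".")
        return [Indicator("domain", v)] if re.fullmatch(r"[a-z0-9.-]+\.[a-z]{2,}", v) else []
    if kind == "url":
        parts = urllib.parse.urlsplit(v)
        if parts.scheme not in ("http", "https") or not parts.hostname:
            return []
        url = urllib.parse.urlunsplit((parts.scheme, parts.netloc.lower(), parts.path, parts.query, ""))
        # A URL indicator also yields its host as a domain indicator, which is what proxy logs expose.
        return [Indicator("url", url), Indicator("domain", parts.hostname.lower())]
    return []


def parse_feed(text: str) -> dict[Indicator, set[str]]:
    """Processing step: parse, normalize and deduplicate; maps each indicator to the sources reporting it."""
    indicators: dict[Indicator, set[str]] = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = [f.strip() for f in line.split(",")]
        if len(fields) != 3:
            continue
        kind, raw, source = fields
        for ind in normalize(kind, raw):
            indicators.setdefault(ind, set()).add(source)
    return indicators


# Tokens that can carry a hash, an IP address or a hostname inside a log line.
TOKEN_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9.:\-]*")


def match_logs(indicators: dict[Indicator, set[str]], log_lines: list[str]):
    """Detection: return (line_no, indicator, sorted sources) for every log line token that hits an indicator."""
    by_value = {ind.value: ind for ind in indicators if ind.kind in ("sha256", "ip", "domain")}
    hits = []
    for n, line in enumerate(log_lines, 1):
        seen: set[Indicator] = set()
        for tok in TOKEN_RE.findall(line):
            ind = by_value.get(tok.lower().rstrip("."))
            if ind and ind not in seen:
                seen.add(ind)
                hits.append((n, ind, sorted(indicators[ind])))
    return hits


if __name__ == "__main__":
    feed = parse_feed(SAMPLE_FEED)
    for line_no, ind, sources in match_logs(feed, SAMPLE_LOGS):
        print(f"line {line_no}: {ind.kind} {ind.value} (reported by {', '.join(sources)})")
```

Two Processing decisions are visible in the result: the three spellings of the same domain collapse into one indicator that carries all three sources (so the analyst can weight it by corroboration), and the 10.0.0.5 entry never reaches the matcher, which is why the internal-only proxy line produces no alert.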