Threat intelligence is the information organizations use to understand the global cyber threats that may target them, including the attacks currently happening around the world.

The SIRP Threat Intelligence module helps security teams mitigate risk, bolster incident response, and strengthen the organization's overall security ecosystem. It enables security analysts to ingest and explore threat advisories and verify their applicability to the organization.

Pending

This is the list of all the ingested threat advisories (from various sources) which are to be reviewed by an analyst.

To access advisories currently in a pending state, go to the Main Menu, select Threat Intelligence, and click on Pending.

Main Menu > Threat Intelligence > Pending

You can also view the details of a record, or edit/delete it, by clicking the respective icons under the Actions column.

If you wish to add an advisory, click on the Create Threat Intelligence button at the top left corner.

Fill in the following information on the next page:

  • Title: Title of advisory

  • Receive Date: The date when the advisory was received

  • Release Date: Actual date when the advisory was released, i.e. when its status was changed from Pending to Release

  • Severity:

  1. Low

  2. Medium

  3. High

  • Category:

  1. Data Breach

  2. Information Update

  3. Phishing

  4. Social Engineering

  5. Vulnerability, etc.

  • Asset/Type:

  1. Asset: Choose this option if you tag an Asset in this advisory.

  2. Asset Type: Choose this option if you are tagging an Asset Type (comprising multiple assets) in this advisory.

  • Asset Type: Select the asset type to which a particular advisory pertains (the list of available types can be changed from the Admin section).

  • Department: Select the relevant department (the list of departments can be changed from the Admin section).

  • Type: The type of advisory that’s being created:

  1. Advisory

  2. Alert

  3. Informative Update

  4. Update

  • Status:

  1. Pending

  2. Release

  • Analysis Summary: Enter important information about the threat

  • Description: Provide a brief description of the advisory

  • Indicator of compromise: Add artifacts such as:

  1. Hashes

  2. IP Addresses

  3. Email address

  4. Domains

  5. URLs, etc.

  • Affected Vendors: In case of a patch-related advisory, select the vendor of the affected product

  • Affected Products: Select the exact product for which the advisory is being released

  • Impact: Describe the potential impact of the threat

  • Remediation: Provide suggested remediation. For example, apply patches, upgrade software versions, etc.
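As an added example (not SIRP's own code or API), the following Python models an advisory record with the form fields above, sorts raw artifacts into the Indicator of compromise buckets the form lists, and allows Release Date to be set only by the Pending to Release transition. The class, the regexes and the sample indicators are assumptions made for this illustration.

```python
import ipaddress
import re
from dataclasses import dataclass, field
from urllib.parse import urlparse

HASH_RE = re.compile(r"^(?:[0-9a-f]{32}|[0-9a-f]{40}|[0-9a-f]{64})$", re.I)  # MD5/SHA-1/SHA-256
EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")
DOMAIN_RE = re.compile(r"^(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$", re.I)

def classify_ioc(value: str) -> str:
    """Map one raw artifact onto the form's IoC buckets, else 'unknown'."""
    v = value.strip()
    if HASH_RE.match(v):
        return "Hashes"
    try:
        ipaddress.ip_address(v)                 # IPv4 or IPv6 literal
        return "IP Addresses"
    except ValueError:
        pass
    if EMAIL_RE.match(v):
        return "Email address"
    if "://" in v and urlparse(v).netloc:       # scheme present and host parsed
        return "URLs"
    if DOMAIN_RE.match(v):
        return "Domains"
    return "unknown"

@dataclass
class Advisory:
    title: str
    severity: str                               # Low / Medium / High on the form
    receive_date: str                           # ISO date string, e.g. "2024-03-04"
    status: str = "Pending"
    release_date: str = ""                      # stamped by the Pending -> Release transition
    iocs: dict = field(default_factory=dict)    # bucket name -> list of artifacts

    def add_iocs(self, raw):
        for item in raw:
            self.iocs.setdefault(classify_ioc(item), []).append(item.strip())

    def release(self, on: str) -> bool:
        # Pending -> Release sets Release Date; an already released advisory is refused
        if self.status == "Release":
            return False
        self.status, self.release_date = "Release", on
        return True

# Constructed sample: a mixed indicator list as an analyst might paste it
SAMPLE_IOCS = ["0123456789abcdef0123456789abcdef", "198.51.100.7", "phish@example.com",
               "https://example.net/login", "bad.example.org", "not an ioc"]
```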

Release

This list contains the threat advisories that have been released or circulated within an organization. To access Released advisories, open the Main Menu, select Threat Intelligence, and click on Release.

Main Menu > Threat Intelligence > Release

You can also download a list of all the released advisories by clicking on the icon at the top of the page.

Reports

Click on the Reports button displayed at the top of the page in order to generate a report of the released advisories.

You will be directed to a page where you can generate reports by choosing a date range and clicking on the Generate button.

Cases

You can click on the Cases button displayed at the top of the page to view advisory-related cases.

The All tab shows all cases aggregated together, while the Incident, Threat Intell Case and VM Cases tabs show cases separated by container.
