Threat intelligence is the knowledge that allows you to prevent or mitigate cyberattacks. It provides context that helps you make informed decisions about your security by answering questions such as who is attacking you, what their motivations and capabilities are, and which indicators of compromise to look for in your systems.
Threat Intelligence (TI) feeds are continuous streams of the latest data on threats and global attacks, such as artifacts/IOCs (Indicators of Compromise), that are fed to technologies like SIEM and EDR. TI feeds are actionable information, and they must be implemented along with technical controls so that cyberattacks can be prevented.
SIRP provides an extensive list of Threat Intelligence feeds already configured in the system. It also allows you to add your own feeds and divide them into categories, subcategories, and dispositions.
Categories
To manage the list of Categories, navigate to the Threat Intelligence page, open the Main Menu, and select Administration. Once the Administration section is displayed, select the Threat Intelligence tab at the top of the page, and then Category under that.
Main Menu > Administration > Threat Intelligence > Category
This page displays the list of all available TI Categories.
To add a new category, click on the Create Category button at the top. Clicking on the button will display a popup. Enter the Name of the category, then click Create.
The newly added TI Category will appear in the main list. You can edit or delete any of the existing or newly created records.
Subcategories
Threat intelligence categories can be divided into sub-categories. To manage the list of TI sub-categories, navigate to the Threat Intelligence page, open the Main Menu, and select Administration. Once the Administration section is displayed, select the Threat Intelligence tab at the top of the page, and then click Subcategories under that.
Main Menu > Administration > Threat Intelligence > Subcategories
To add a new subcategory, click on the Create Subcategory button at the top. Clicking on the button will display a popup. Select the Parent Category, enter the Name of the subcategory and its Description, select its Severity from the dropdown, then click Create.
The newly added sub-category will appear in the main list. You can edit or delete any of the existing or newly created records.
Disposition
Threat Intelligence Disposition explains the inherent nature of a threat. By default, there are four TI dispositions available:
A threat as an Advisory
A threat as an Alert
A threat as Informative Update
A threat as a simple Update
Each disposition demands a different kind of response against a threat.
To manage the list of Dispositions, navigate to the Threat Intelligence page, open the Main Menu, and select Administration. Once the Administration section is displayed, select the Threat Intelligence tab at the top of the page, and then Dispositions under that.
To add a new disposition, click on the Create Disposition button at the top. Clicking on the button will display a popup. Enter the Name of the disposition, then click Create.
The newly added disposition will appear in the main list. You can edit or delete any of the existing or newly created records.