Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.


Advanced Cyber Threat Intelligence

via Cybrary


Cyber threats keep getting more complex and sophisticated and security teams cannot continue playing whack-a-mole. Basic methods and tools are no longer efficient against these emerging threats. This is why moving towards more data driven security is a necessity and of course all of this requires specific skills that you will be learning through this course. This course, Advanced Cyber Threat Intelligence, is built with the intelligence cycle in mind to create a consistent image and a logical sequence of how to build and leverage a Threat Intelligence program.

So, you will be interested to enroll in the course if you already have some basic knowledge about cyber threat intelligence and you are looking for a course to enhance your existing skills, or perhaps you are building a new Cyber Threat Intelligence program for your organization.

The advanced Cyber Threat Intelligence course will benefit security practitioners and individuals interested in preventing cyber threats. In this course, we will discuss how Threat Intelligence can help you leverage your existing data sources to extract useful information and how to find complementary information and intelligence from external sources. We will also explain how to get actionable data through the process of vetting and the importance of this task to reduce efforts on false positives investigations.

The next part will be dealing with analysis of intrusion and campaigns. It can help you structure your analysis using models and techniques like the Analysis of Competing Hypotheses, the Cyber Kill Chain and MITRE ATT&CK. A full part will be dedicated to campaign investigation and its sophisticated analysis methods such as Visual analysis and Heatmap analysis. Another interesting part of the analysis is attribution. Working on complex investigations can often lead to create confusion or even push analysts to use shortcuts to come up with conclusions especially related to attribution. At some point, it becomes a handicap to think properly but if the analysts are unable to identify these issues, they won’t be able to defeat them. For this reason, one of the modules will discuss biases and logical errors identification and giving advice on how to manage them.

And finally, one of the key concepts of Cyber Threat Intelligence is dissemination. Therefore, it is essential to choose the right format of intelligence to share based on your targeted audience (tactical, operational, strategic).


  • Familiar with networking essentials
  • Familiar with security terminology (Firewall, SIEM, IPS, …)
  • Complete the “Intro to Cyber Threat Intelligence” course
  • Basic OSINT knowledge
  • Basic understanding of the Cyber Kill Chain
  • Basic understanding of data analysis

Course Goals

By the end of this course, students should be able to:

  • Run a threat intelligence program for an organization
  • Collect and select relevant intelligence to enhance detection and response
  • Analyze a campaign using ACH
  • Understand the mindset of modern attackers and adapt detection & response strategies based on Cyber Threat Intelligence analysis
  • Challenge and manage biases in intrusion analysis
  • Provide actionable advice about emerging threats
  • Build and disseminate threat intelligence reports based on the intended audience


  • Module 1: Introduction
    • 1.1 Course Introduction
    • 1.2 Introduction to the Intelligence Lifecycle
  • Module 2: Collection
    • 2.1 Introduction to Data Collection
    • 2.2 Internal Data Acquisition
    • 2.3 External Data Sources
    • 2.4 Private Data Sources Part 1
    • 2.5 Private Data Sources Part 2
    • 2.6 Community Data Sources
    • 2.7 Public Data Sources Part 1
    • 2.8 Public Data Sources Part 2
    • 2.9 Leveraging OSINT Part 1
    • 2.10 Leveraging OSINT Part 2
  • Module 3: Data Management and Processing
    • 3.1 Introduction to Data Processing
    • 3.2 Common CTI Standards Part 1
    • 3.3 Common CTI Standards Part 2
    • 3.4 Storage and Integration
    • 3.5 Threat Intelligence Platforms
  • Module 4: Analysis
    • 4.1 Introduction to Analysis
    • 4.2 Analysis of Competing Hypothesis
    • 4.3 Cyber Kill Chain and Diamond Model
    • 4.4 Cyber Kill Chain and Courses of Action Matrix
  • Module 5: Campaign Analysis
    • 5.1 Introduction to Campaigns
    • 5.2 Heatmap Analysis
    • 5.3 Visual Analysis
    • 5.4 MITRE ATT&CK and the MITRE Threat Groups Track
    • 5.5 Threat Intelligence Naming Conventions
  • Module 6: Attribution
    • 6.1 Introduction to Attribution
    • 6.2 Cognitive Biases
    • 6.3 Logical Fallacies
    • 6.4 How to Manage Biases
    • 6.5 Nation-State Attribution Part 1
    • 6.6 Nation-State Attribution Part 2
  • Module 7: Dissemination and Sharing
    • 7.1 Introduction to Dissemination
    • 7.2 Tactical Intelligence
    • 7.3 Operational Intelligence
    • 7.4 Strategic Intelligence
  • Module 8: Summary
    • 8.1 Summary
  • Course Assessment
    • Course Assessment - Advanced Cyber Threat Intelligence

Taught by

Alyssa Berriche


Start your review of Advanced Cyber Threat Intelligence

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.