Overview
This course aims to teach learners how to find the best Threat Intelligence (TI) provider for a specific purpose. The learning outcomes include understanding notable previous research, developing a standard model, comparing TI vendors, and analyzing APT IoCs. The course covers skills such as building a detection stack, creating a threat model, and evaluating the timeliness and accuracy of TI data. The teaching method involves a structured approach with sections like Intro, Mission Briefing, and Progress Report. The intended audience for this course includes security professionals, data analysts, and researchers interested in threat intelligence and cybersecurity.
Syllabus
Intro
Mission Briefing
Mission Plan
Notable previous research
Detection Stack
Threat Model
Approach
Develop a Standard Model 1/2
Potential TI vendors
Pull data for a specific time window
Put data into a common platform
Progress Report
Compare APT IoCs across different dimensions
Compare timeliness across vendors
Compare false positives
Compare distribution of IoCs
Mission completed?
Takeaways for TI vendors
Takeaways for Blue Teamers
Takeaways for data people & security researchers
Taught by
Cooper