Threat intelligence is evidence-based knowledge, including indicators, implications and actionable advice, about an existing or emerging menace or hazard to assets.
With Logsign Threat Intelligence, the process described below runs continuously: intelligence data is analysed on an ongoing basis to reduce risk and remove uncertainty.
Requirements: This is the first step, in which requirements and priorities are set. Decision-makers need to identify what they specifically want to know and what the threat intelligence process should be telling them.
Collection: The second step covers all the activities, mainly research, involved in collecting data that satisfies the requirements defined. Collecting the information or data that is expected, once analyzed, to fulfill those requirements is the step that can consume much of a threat intelligence budget.
Analysis: Threat data must be analyzed and combined with other intelligence sources. In some cases a simple analysis is enough; other incidents call for detailed analysis.
Production: At this stage the threat intelligence product is created and distributed to its consumers. The product is tailored to the client's specific requirements and is updated as the underlying intelligence changes.
Assessment: A further challenge is assessing whether the intelligence product actually meets the requirements. As needs evolve, this feedback helps prepare the infrastructure to produce intelligence that meets new and deeper requirements.
Now let's open the Search module in the Logsign SIEM web interface and see how the data is enriched with threat intelligence, using the Intelligence.IP:* query.
When we select Intelligence.Type from the Search Filter and click on the empty space, the number of events matching each intelligence type appears. After selecting one of them, press the Search button.
Choose any log and click More Details to examine it.
The Intelligence column shows the threat intelligence data attached to the log.
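To make concrete what happens behind the Intelligence.IP:* search and the Intelligence.Type filter, here is an added Python example of the same enrichment and query step. It is illustrative code, not Logsign's implementation: the threat feed, the sample events and the exact field names (Source.IP, Destination.IP, Intelligence.Source, Intelligence.Field) are constructed assumptions chosen to mirror the column names used above. Each event's IP fields are checked against the feed (single addresses and CIDR ranges), matching events gain Intelligence.* fields, and a minimal Field:pattern query with * meaning "field is present" selects and facets them.

```python
"""Added example (not Logsign's code): enrich parsed log events with a
threat intelligence feed and evaluate simple Field:pattern queries such as
Intelligence.IP:* and Intelligence.Type:C2. Feed, events and field names are
constructed assumptions that mirror the column names used in the text."""
import ipaddress
from collections import Counter
from fnmatch import fnmatchcase

# Constructed threat intelligence feed: indicator -> (type, source).
# Single IPs and CIDR ranges are both accepted (documentation ranges only).
THREAT_FEED = {
    "198.51.100.23": ("C2", "constructed-feed"),
    "203.0.113.0/24": ("Scanner", "constructed-feed"),
    "192.0.2.77": ("Malware", "constructed-feed"),
}

# Constructed sample events, as a SIEM would have parsed them.
SAMPLE_EVENTS = [
    {"Source.IP": "10.0.0.5", "Destination.IP": "198.51.100.23", "Action": "allow"},
    {"Source.IP": "203.0.113.200", "Destination.IP": "10.0.0.8", "Action": "deny"},
    {"Source.IP": "10.0.0.9", "Destination.IP": "93.184.216.34", "Action": "allow"},
    {"Source.IP": "192.0.2.77", "Destination.IP": "10.0.0.5", "Action": "allow"},
    {"Source.IP": "10.0.0.5", "Destination.IP": "not-an-ip", "Action": "allow"},
]


def _compile_feed(feed):
    """Parse every indicator once into an ip_network for fast containment checks."""
    return [(ipaddress.ip_network(ind, strict=False), itype, src)
            for ind, (itype, src) in feed.items()]


FEED_NETS = _compile_feed(THREAT_FEED)


def lookup_ip(value):
    """Return (type, source) of the first indicator containing value, else None."""
    try:
        addr = ipaddress.ip_address(value)
    except ValueError:
        return None  # malformed or empty field: never raise from a detection path
    for net, itype, source in FEED_NETS:
        if addr.version == net.version and addr in net:
            return itype, source
    return None


def enrich(event, ip_fields=("Source.IP", "Destination.IP")):
    """Copy the event and add Intelligence.* fields when an IP field hits the feed."""
    out = dict(event)
    for field in ip_fields:
        hit = lookup_ip(event.get(field, ""))
        if hit:
            out["Intelligence.IP"] = event[field]
            out["Intelligence.Type"], out["Intelligence.Source"] = hit
            out["Intelligence.Field"] = field  # which side of the flow matched
            break
    return out


def matches(event, query):
    """Evaluate a minimal 'Field:pattern' query; the pattern '*' means 'field present'."""
    field, _, pattern = query.partition(":")
    value = event.get(field)
    if value is None:
        return False
    return fnmatchcase(str(value), pattern)


def search(events, query):
    """Enrich the events and return those matching the query, like the Search module."""
    return [e for e in (enrich(ev) for ev in events) if matches(e, query)]


def facet(events, field):
    """Count events per distinct value of a field, as the Intelligence.Type filter shows."""
    return Counter(e[field] for e in events if field in e)


if __name__ == "__main__":
    hits = search(SAMPLE_EVENTS, "Intelligence.IP:*")
    print(len(hits), "events carry intelligence")          # 3
    print(dict(facet(hits, "Intelligence.Type")))           # one C2, one Scanner, one Malware
    for e in search(hits, "Intelligence.Type:C2"):
        print(e)
```

The two design points worth copying: lookup never raises on a malformed address (a single bad log line must not stall enrichment of the rest), and the feed is compiled once so that CIDR ranges are matched without re-parsing per event.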