Free Preparation Discussions
MENU
Eccouncil Exam 312-85 Topic 3 Question 30 Discussion
Topic #: 3
During the process of threat intelligence analysis, John, a threat analyst, successfully extracted an indication of adversary's information, such as Modus operandi, tools, communication channels, and forensics evasion strategies used by adversaries.
Identify the type of threat intelligence analysis is performed by John.
Tactical threat intelligence analysis focuses on the immediate, technical indicators of threats, such as the tactics, techniques, and procedures (TTPs) used by adversaries, their communication channels, the tools and software they utilize, and their strategies for evading forensic analysis. This type of analysis is crucial for operational defenses and is used by security teams to adjust their defenses against current threats. Since John successfully extracted information related to the adversaries' modus operandi, tools, communication channels, and evasion strategies, he is performing tactical threat intelligence analysis. This differs from strategic and operational threat intelligence, which focus on broader trends and specific operations, respectively, and from technical threat intelligence, which deals with technical indicators like malware signatures and IPs. Reference:
'Tactical Cyber Intelligence,' by Cyber Threat Intelligence Network, Inc.
'Intelligence-Driven Incident Response: Outwitting the Adversary,' by Scott J. Roberts and Rebekah Brown
Currently there are no comments in this discussion, be the first to comment!