Once this data is inspected for applicability, it must then be validated against evidence found within the impacted organization. The pivot process takes the retrieved individual IoC data points (listed in the IoC section) and attempts to establish their relevance against the retrieved threat data. This is where tactical manual verification and IoC pivoting take over. Automated threat intelligence feeds and frameworks are definitely helpful for rapid mass consumption of threat data, but they still don't provide actionable threat-related data. The intelligence gathered can give an organization a greater understanding of its security exposure, add critical incident telemetry and, in the best case, support threat actor or threat group attribution. Within Incident Response, the end goal is to derive usable IoC threat intelligence, which is why it is paramount to scrutinize the retrieved threat data.
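The validation and pivot step described above can be sketched as follows. This is an added example, not part of the original post: the feed entries, the proxy log format and the function names are all constructed assumptions, using documentation-range addresses and example domains.

```python
import re
from collections import defaultdict

# Constructed feed IoCs (documentation-range IPs, example domains); not real indicators.
FEED_IOCS = {
    "203.0.113.45": "ip",
    "update-check.example.net": "domain",
    "198.51.100.7": "ip",
}

# Constructed proxy log (assumed format): timestamp, internal host, dest domain, dest IP.
PROXY_LOG = """\
2024-05-01T10:02:11Z ws-014 update-check.example.net 203.0.113.45
2024-05-01T10:02:40Z ws-014 cdn.example.org 192.0.2.10
2024-05-01T11:15:03Z ws-022 update-check.example.net 192.0.2.99
2024-05-01T11:20:00Z ws-031 intranet.example.com 10.0.0.5
"""

LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)\s+(\S+)$")

def parse(log_text):
    """Yield (timestamp, host, domain, ip) tuples, skipping malformed lines."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield m.groups()

def validate_and_pivot(iocs, log_text):
    """Return (corroborated IoCs -> hosts, feed-only IoCs, pivot candidates -> hosts)."""
    hits = defaultdict(set)    # feed IoC -> internal hosts with local evidence
    pivots = defaultdict(set)  # unlisted observable seen alongside a feed IoC -> hosts
    for _, host, domain, ip in parse(log_text):
        pair = (domain.lower(), ip)
        matched = [v for v in pair if v in iocs]
        for v in matched:
            hits[v].add(host)
        if matched:
            # Pivot: the other observable on the same line is not in the feed,
            # so it is queued for manual verification rather than trusted.
            for v in pair:
                if v not in iocs:
                    pivots[v].add(host)
    unseen = sorted(set(iocs) - set(hits))
    return dict(hits), unseen, dict(pivots)

if __name__ == "__main__":
    confirmed, unseen, pivots = validate_and_pivot(FEED_IOCS, PROXY_LOG)
    print("corroborated by local evidence:", confirmed)
    print("feed-only, no local evidence:", unseen)
    print("pivot candidates for manual review:", pivots)
```

Feed-only indicators stay unconfirmed for this organization, while pivot candidates are leads that still need the manual scrutiny the paragraph calls for.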