Threat Intelligence and Detection

Gathering, processing, analysing, and disseminating information about current and emerging cyber threats, threat actors, and attack methods to enable proactive threat detection and response.

Proficiency Level

Level 1 (Follow)

  • Follows procedures for handling threat intelligence alerts or indicators of compromise (IoCs) received through internal tools or communications.
  • Understands the concept of threat intelligence and its purpose at a basic level.
  • Knows where to find approved sources of basic threat information within the organisation.

Level 2 (Assist)

  • Assists analysts in collecting and organising threat intelligence data from predefined feeds, reports, and sources.
  • Helps perform basic searches or correlations for known IoCs (e.g., malicious IP addresses, file hashes) within security logs or tools under guidance.
  • Supports the maintenance of threat intelligence repositories or tracking systems.

Level 3 (Apply)

  • Analyses structured threat intelligence reports to extract the Tactics, Techniques, and Procedures (TTPs) and IoCs that apply to the organisation's environment.
  • Uses validated threat intelligence (e.g., IoCs, detection rules) to configure or tune security detection tools (e.g., SIEM, IDS/IPS, EDR).
  • Conducts basic investigations into security alerts potentially linked to threat intelligence findings.

Level 4 (Ensure)

  • Manages key aspects of the threat intelligence lifecycle, including requirement definition, collection planning, analysis, and dissemination of actionable intelligence.
  • Develops custom threat detection rules, queries, or use cases within security monitoring platforms based on analysed intelligence and understanding of adversary TTPs.
  • Correlates threat intelligence with internal security event data to proactively identify potential intrusions or campaigns.
  • Produces tailored intelligence briefings or reports for different audiences (e.g., technical responders, management).
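The IoC search and correlation activities described at Levels 2 to 4 (matching known IPs, domains and file hashes against security logs, then pivoting on the affected asset) are illustrated below. This is an added example written for this page, not tooling from the framework's authors: the indicator list, the key=value log format and the log lines are all constructed (the IP addresses are from the 203.0.113.0/24 documentation range and the hashes are placeholder SHA-256 values of empty and "test" input, not real malware hashes). It shows the practical details that separate a naive string search from a usable check: refanging indicators as they appear in reports (`hxxp://`, `[.]`), case normalisation, exact rather than prefix matching for IP addresses, suffix matching for domains so subdomains of a listed domain hit while look-alike names do not, and grouping hits per internal asset so that an asset touching several indicator types surfaces as a stronger lead.

```python
import re
from collections import defaultdict
from typing import Dict, List, Set

# Constructed IoC list for illustration only; none of these are real threat indicators.
IOCS: Dict[str, Set[str]] = {
    "ip": {"203.0.113.45", "203.0.113.200"},
    "domain": {"update-check.example", "cdn-static[.]invalid"},  # one defanged, as reports often are
    "sha256": {"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"},
}

# Assumed key=value log schema: which field carries which indicator type.
FIELD_TYPES = {"src": "ip", "dst": "ip", "qname": "domain", "sha256": "sha256"}

# Fields identifying the internal asset a hit is attributed to, in order of preference.
# Joining an IP to a hostname (DHCP leases, asset inventory) is left to the analyst here.
ASSET_FIELDS = ("host", "src")

KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

# Constructed sample log lines (firewall, DNS and EDR events in one normalised format).
LOG_LINES = [
    "ts=2024-05-01T10:00:01Z src=10.0.0.5 dst=203.0.113.45 dport=443 action=allow",
    "ts=2024-05-01T10:00:02Z src=10.0.0.8 dst=203.0.113.4 dport=443 action=allow",      # prefix of an IoC: no hit
    "ts=2024-05-01T10:00:03Z src=10.0.0.5 qname=Update-Check.EXAMPLE qtype=A",          # case differs: hit
    "ts=2024-05-01T10:00:04Z src=10.0.0.9 qname=notupdate-check.example qtype=A",       # look-alike: no hit
    "ts=2024-05-01T10:00:05Z src=10.0.0.9 qname=files.cdn-static.invalid qtype=A",      # subdomain of IoC: hit
    "ts=2024-05-01T10:00:06Z host=ws-05 proc=svchost.exe "
    "sha256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855",          # upper-case hash: hit
    "ts=2024-05-01T10:00:07Z host=ws-07 proc=notepad.exe "
    "sha256=9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08",          # unlisted hash: no hit
]


def refang(value: str) -> str:
    """Normalise an indicator as written in reports: lower-case, hxxp://, [.] and (.)."""
    s = value.strip().strip('"').lower()
    for old, new in (("hxxps://", "https://"), ("hxxp://", "http://"),
                     ("[.]", "."), ("(.)", "."), ("[:]", ":")):
        s = s.replace(old, new)
    return s.rstrip(".")  # trailing-dot FQDNs compare equal to the bare name


def normalise_iocs(iocs: Dict[str, Set[str]]) -> Dict[str, Set[str]]:
    return {ioc_type: {refang(v) for v in values} for ioc_type, values in iocs.items()}


def parse_line(line: str) -> Dict[str, str]:
    return {k: v.strip('"') for k, v in KV_RE.findall(line)}


def domain_matches(qname: str, domains: Set[str]) -> bool:
    """Exact or subdomain match only: a name that merely contains the IoC as text does not hit."""
    return any(qname == d or qname.endswith("." + d) for d in domains)


def match_line(event: Dict[str, str], iocs: Dict[str, Set[str]]) -> List[Dict[str, str]]:
    hits = []
    for field, ioc_type in FIELD_TYPES.items():
        if field not in event:
            continue
        value = refang(event[field])
        if ioc_type == "domain":
            matched = domain_matches(value, iocs["domain"])
        else:
            matched = value in iocs[ioc_type]  # exact set membership, never substring/prefix
        if matched:
            asset = next((event[f] for f in ASSET_FIELDS if f in event), "unknown")
            hits.append({"ts": event.get("ts", ""), "asset": asset, "field": field,
                         "type": ioc_type, "value": value})
    return hits


def scan(lines: List[str], iocs: Dict[str, Set[str]] = IOCS) -> List[Dict[str, str]]:
    """Run every log line against the normalised indicator set and return all hits in order."""
    norm = normalise_iocs(iocs)
    hits: List[Dict[str, str]] = []
    for line in lines:
        hits.extend(match_line(parse_line(line), norm))
    return hits


def correlate(hits: List[Dict[str, str]]) -> Dict[str, Set[str]]:
    """Group hits per internal asset: the set of indicator types each asset touched."""
    by_asset: Dict[str, Set[str]] = defaultdict(set)
    for h in hits:
        by_asset[h["asset"]].add(h["type"])
    return dict(by_asset)


def leads(hits: List[Dict[str, str]], min_types: int = 2) -> List[str]:
    """Assets matching at least min_types distinct indicator types, strongest first."""
    by_asset = correlate(hits)
    ranked = sorted(by_asset.items(), key=lambda kv: (-len(kv[1]), kv[0]))
    return [asset for asset, types in ranked if len(types) >= min_types]


if __name__ == "__main__":
    found = scan(LOG_LINES)
    for h in found:
        print(f'{h["ts"]} asset={h["asset"]} {h["field"]}={h["value"]} ({h["type"]})')
    print("leads:", leads(found))
```

In a SIEM this logic becomes a lookup-table join rather than a Python loop, but the same points carry over: normalise both sides before comparing, match domains by suffix and everything else exactly, and attribute hits to an asset so that a single host seen contacting a listed IP and resolving a listed domain is escalated ahead of isolated single-indicator hits.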

Level 5 (Strategise)

  • Develops and oversees the organisation's comprehensive threat intelligence strategy, program, and capabilities (people, process, technology).
  • Determines strategic intelligence requirements based on business risks and the evolving threat landscape.
  • Establishes relationships with external intelligence communities, feeds, and partners.
  • Integrates threat intelligence deeply into strategic security decision-making, risk management, incident response planning, and defensive posture adjustments.