Defense & Operations
Threat Intelligence
Also known as: TI, Threat Intel
Definition
Evidence-based knowledge about threats and threat actors — including indicators, TTPs and context — used to guide security decisions and detection.
Threat intelligence is the structured collection, processing, analysis and dissemination of information about adversaries, their motivations, capabilities and infrastructure. It transforms raw data (malware samples, IPs, domains, leaked credentials, dark-web chatter, vulnerability reports) into actionable intelligence by adding context, assigning a confidence level and tailoring it to a relevant audience. Organizations consume threat intelligence through feeds (STIX/TAXII, MISP), threat intelligence platforms (TIPs), vendor reports and ISAC sharing, and use it to enrich SIEM and EDR detections, guide patching and inform executive risk decisions. Intelligence is typically classified by audience and time horizon into strategic, operational and tactical levels.
Examples
- An ISAC sharing IoCs associated with a new ransomware affiliate hours before it hits members.
- A TIP enriching SIEM events with actor attribution, MITRE ATT&CK techniques and confidence scoring.
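The second example above, sketched as an added illustration (not taken from any specific TIP or SIEM product): indicators carry actor, ATT&CK technique and confidence, expired entries are dropped, and each event is tagged or alerted on according to the best match. The field names, actor labels, threshold and sample data are constructed assumptions.

```python
from datetime import datetime, timezone

# Constructed indicators; field names are assumptions, not a specific TIP's schema.
INDICATORS = [
    {"type": "ipv4", "value": "203.0.113.45", "actor": "EXAMPLE-ACTOR-1",
     "attack": ["T1071.001"], "confidence": 85, "valid_until": "2030-01-01T00:00:00+00:00"},
    {"type": "domain", "value": "Update-Check.example.", "actor": "EXAMPLE-ACTOR-1",
     "attack": ["T1568"], "confidence": 40, "valid_until": "2030-01-01T00:00:00+00:00"},
    {"type": "ipv4", "value": "198.51.100.7", "actor": "EXAMPLE-ACTOR-2",
     "attack": ["T1110"], "confidence": 90, "valid_until": "2020-01-01T00:00:00+00:00"},
]
# Which event fields carry which observable type (hypothetical SIEM field names).
FIELD_TYPES = {"src_ip": "ipv4", "dest_ip": "ipv4", "dns_query": "domain"}


def normalize(kind, value):
    """Canonical form so 'Example.COM.' and 'example.com' compare equal."""
    value = value.strip()
    return value.lower().rstrip(".") if kind == "domain" else value


def build_index(indicators, now):
    """Index unexpired indicators by (type, value); keep the highest confidence on duplicates."""
    index = {}
    for ind in indicators:
        if datetime.fromisoformat(ind["valid_until"]) <= now:
            continue  # stale intelligence produces false positives, so drop it
        key = (ind["type"], normalize(ind["type"], ind["value"]))
        if key not in index or ind["confidence"] > index[key]["confidence"]:
            index[key] = ind
    return index


def enrich(event, index, alert_threshold=70):
    """Return a copy of the event with matched context and a triage action."""
    matches = []
    for field, kind in FIELD_TYPES.items():
        hit = index.get((kind, normalize(kind, event[field]))) if field in event else None
        if hit:
            matches.append({"field": field, "actor": hit["actor"],
                            "attack": hit["attack"], "confidence": hit["confidence"]})
    top = max((m["confidence"] for m in matches), default=0)
    action = "alert" if top >= alert_threshold else "tag" if matches else "none"
    return {**event, "threat_intel": matches, "ti_action": action}
```

Low-confidence matches are tagged rather than alerted on, so they remain available to an analyst as context without adding to alert volume.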
Related terms
Cyber Threat Intelligence (CTI)
Evidence-based, contextualised knowledge about cyber threats that helps defenders make faster, better-informed security decisions.
Tactical Threat Intelligence
Strategic Threat Intelligence
Operational Threat Intelligence
Indicator of Compromise (IoC)
Tactics, Techniques and Procedures (TTPs)