A Guide to Producing Threat Intelligence from a Security Analysis Perspective
This article explains how threat intelligence is generated by defining it as judged security information, outlines methods for collecting and evaluating security data, introduces a two‑dimensional reliability/quality rating system, and provides a step‑by‑step engineering workflow for enterprise threat‑intelligence operations.
From a security analysis viewpoint, this article defines threat intelligence as judged security information, explains that unjudged security data cannot be called threat intelligence, and describes the relationship: security information + analysis = threat intelligence.
It discusses the challenges of collecting security information, emphasizing the need for clear objectives, scope, and a collection plan that considers information categories, entry points, sources, and timing.
The article outlines the requirements for collected data: cleanliness, availability, precision, coverage, trustworthiness, and timeliness, and categorizes sources into OSINT, closed, and confidential data, describing their characteristics and acquisition methods.
Information judgment is presented as a crucial stage, with both human and machine‑learning approaches, noting the limitations of fully automated analysis and the necessity of human involvement to achieve high confidence (99.99%).
A measurement framework is introduced, evaluating information on two dimensions—source reliability and information quality—using a six‑level rating (completely reliable, usually reliable, generally reliable, unknown, untrustworthy, definitely untrustworthy) and a similar scale for the information itself (very high, high, average, unknown, low, no value).
By plotting source reliability on the Y‑axis and information quality on the X‑axis, the article shows how to classify processed data into valuable threat intelligence, intelligence requiring manual judgment, or junk.
The practical section provides a step‑by‑step workflow for enterprise vulnerability threat intelligence: defining scope, creating a collection plan, setting measurement criteria, machine analysis, manual judgment, and disposition.
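The two-axis rating and the disposition step above, as an added example that is not from the article: a small Python pass over constructed vulnerability reports that takes source reliability from an assumed source registry, scores information quality with assumed rules (precision, coverage, timeliness), and classifies each pair on the reliability/quality grid as intelligence, manual judgment, or junk. The numeric ranks, scoring rules, thresholds and sample data are all assumptions of this example.

```python
import re
from dataclasses import dataclass
from enum import IntEnum
# The article's two six-level scales, ranked low to high so "unknown" sits mid-scale.
# Numeric ranks, scoring rules and thresholds here are assumptions of this example.
Reliability = IntEnum("Reliability", ["DEFINITELY_UNTRUSTWORTHY", "UNTRUSTWORTHY", "UNKNOWN",
                      "GENERALLY_RELIABLE", "USUALLY_RELIABLE", "COMPLETELY_RELIABLE"], start=0)
Quality = IntEnum("Quality", ["NO_VALUE", "LOW", "UNKNOWN", "AVERAGE", "HIGH", "VERY_HIGH"], start=0)
CVE_RE = re.compile(r"^CVE-\d{4}-\d{4,}$")

# Constructed source registry: reliability is judged from each source's track record.
SOURCE_RELIABILITY = {
    "vendor-advisory": Reliability.COMPLETELY_RELIABLE,
    "security-blog": Reliability.GENERALLY_RELIABLE,
    "paste-site": Reliability.UNTRUSTWORTHY,
}

@dataclass
class VulnReport:
    source: str
    cve_id: str
    product: str         # affected product named in the report ("" if none)
    corroborations: int  # independent sources reporting the same finding
    age_days: int        # days since publication (timeliness)

def rate_quality(r: VulnReport) -> Quality:
    """Machine analysis: score the information on precision, coverage and timeliness."""
    has_cve, has_product = bool(CVE_RE.match(r.cve_id)), bool(r.product)
    if not has_cve and not has_product:
        return Quality.NO_VALUE  # nothing actionable to pivot on
    score = has_cve + has_product + (r.corroborations >= 2) + (r.age_days <= 30)
    return {1: Quality.LOW, 2: Quality.AVERAGE, 3: Quality.HIGH, 4: Quality.VERY_HIGH}[score]

def disposition(rel: Reliability, qual: Quality) -> str:
    """Place the pair on the reliability (Y) / quality (X) grid and classify it."""
    if rel == Reliability.DEFINITELY_UNTRUSTWORTHY or qual == Quality.NO_VALUE:
        return "junk"
    if rel >= Reliability.GENERALLY_RELIABLE and qual >= Quality.AVERAGE:
        return "threat intelligence"
    return "manual judgment"  # e.g. unknown source, or thin but not worthless data

def process(report: VulnReport):
    # Unregistered sources rate UNKNOWN, which lands them in the manual-judgment band.
    rel, qual = SOURCE_RELIABILITY.get(report.source, Reliability.UNKNOWN), rate_quality(report)
    return rel, qual, disposition(rel, qual)

# Constructed sample reports; the CVE ids are placeholders, not real identifiers.
SAMPLE_REPORTS = [
    VulnReport("vendor-advisory", "CVE-0000-0001", "ExampleApp 2.1", 3, 2),
    VulnReport("unknown-forum", "CVE-0000-0002", "", 0, 90),
    VulnReport("paste-site", "cve?", "", 0, 400),
]
```

Running `process` over `SAMPLE_REPORTS` yields one report in each band, which is the split the article's grid is meant to produce before analysts spend time on the middle band.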
Finally, the author notes that the article offers an engineering‑oriented solution for threat intelligence production and invites readers to comment for future topics.
360 Tech Engineering
Official tech channel of 360, building the most professional technology aggregation platform for the brand.