
Threat Intelligence

5 questions · SOC Operations Language

1. A data stream providing current IOCs, threat actor profiles, and TTPs — updated regularly from commercial or open-source providers — is called:
2. A standard machine-readable format for exchanging threat intelligence objects (campaigns, malware, indicators, courses of action) between organisations is called:
3. After attributing an attack to a specific nation-state group, the team builds a profile of that group's preferred tools, techniques, and targets. What is this profile called?
4. The SOC receives a report that a threat actor typically enters via spear-phishing, escalates privileges via LSASS dumping, then moves laterally using Pass-the-Hash. These documented behaviours are collectively called:
5. An information sharing group where financial sector organisations exchange threat intelligence about attacks targeting their industry is called:
