CTI
Threat intelligence
CTI helps read technical indicators in context and turn them into defensive decisions. The workflows here focus on passive checking, verification, and reporting.
First steps
- Name the indicator type: domain, IP, URL, hash, or CVE.
- Collect date and context from passive sources.
- Write down the false-positive risk.
- Recommend a defensive action with a stated confidence level.
Limits
- No exploit or proof-of-concept execution guidance.
- Do not test systems without authorization.
- Do not download or run suspicious files on your main system.
What this field covers
A quick scope view.
- IOC checks
- CVE verification
- Domain and IP reputation
- Malware-report reading
- Defensive notes
Related source collections
Good places to start in this field.
- AlienVault OTX (Threat intelligence, open source): Use for IOC context, reputation checks, and defensive security notes.
- CISA Known Exploited Vulnerabilities Catalog (CVE and vulnerability tracking, open source): Use for vendor advisories, CVE status, exploitation context, and defensive reporting.
- CVE.org (CVE and vulnerability tracking, open source): Use for vendor advisories, CVE status, exploitation context, and defensive reporting.
- DNSDumpster (Domain and DNS intelligence, open source): Use for domain ownership context, DNS records, certificates, and passive web traces.
- DNSViz (Domain and DNS intelligence, open source): Use for domain ownership context, DNS records, certificates, and passive web traces.
- FIRST EPSS (CVE and vulnerability tracking, open source): Use for vendor advisories, CVE status, exploitation context, and defensive reporting.