ThisCentric IntelligenceDiamond Model for Intrusion AnalysisAnalysis of Adversary Campaigns and Intrusion Kill ChainsĀ A final note on collectionIn many cases,analysis can only be as expedient as the information that it is based off of. Intelligence analysts are trained to evaluate the source of information in order to better understand whether there are biases or concerns about the reliability that need to be taken into account. In cyber threat intelligence we, by and large, or rely on data collected by others and may not contain much information on its source,reliability, or applicability. This is one of the reasons that analyzing information from your own network is so indispensable, or however it is also indispensable that we,as a community, are as transparent as possible with the information we are providing to others to be used in their analysis. There are always concerns about revealing sources and methods, and so we need to find a balance between protecting those methods and enabling expedient analysis.
Source: rapid7.com