Auto-sync: update nexus workspace
37
wiki/concepts/Threat-Intelligence.md
Normal file
@@ -0,0 +1,37 @@
---
title: "Threat Intelligence"
type: concept
tags:
- Security
- Intelligence
- SIEM
last_updated: 2026-04-14
---

# Threat Intelligence

## Definition

Collecting, analysing and disseminating information about existing and emerging threats so that an organization can defend against security threats proactively.

## Components

- **Threat intelligence feeds**: collect threat data from multiple sources
- **Tool components**: actively monitor the environment
- **Detection & threat hunting**: proactively uncover potential threats
- **SIEM (Security Information and Event Management)**: large-scale log processing

## OpenText Scale

- Large-scale SIM (Security Information Management) implementation
- Processes **225 billion log entries** per month (225 billion log rugs)
- Triages roughly **350 cases** per month
- Uses [[BrightCloud]] as the threat intelligence feed source

## Relationship to Other Concepts

- Works together with [[Third-Party-Penetration-Testing]] to form an "intelligence + testing" proactive defence system
- Supports the monitoring and response requirements of [[Global Information Security Policy (GISP)]]
- Aligns with the Operations Security controls of [[ISO-27001]]

## Connections

- [[BrightCloud]]: threat intelligence tool
- [[Global Information Security Team (GIS)]]: operations team
- [[ISO-27001]]: framework basis
- [[OpenText]]: implementing organization
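Review bot: the English gloss on the log-volume line in the OpenText Scale section, `(225 billion log rugs)`, contains a typo and only repeats the bold figure before it; change it to `log entries` or drop the parenthetical. Two smaller points in the same hunk: the wiki-link names are inconsistent, with `[[Third-Party-Penetration-Testing]]` and `[[ISO-27001]]` hyphenated while `[[Global Information Security Policy (GISP)]]` and `[[Global Information Security Team (GIS)]]` use spaces and parentheses, so one convention should be chosen or the links will resolve to different page names; and the `Tool Components` bullet under Components names no specific tooling, so it should either say what monitors the environment or be folded into the SIEM bullet.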