---
title: "Threat Intelligence"
type: concept
tags:
- Security
- Intelligence
- SIEM
last_updated: 2026-04-14
---

# Threat Intelligence

## Definition

Collecting, analysing and disseminating information about existing and emerging threats so that an organisation can defend against security threats proactively.

## Components

- **Threat intelligence feeds**: collect threat data from multiple sources
- **Tool components**: actively monitor the environment
- **Detection & Threat Hunting**: proactively discover potential threats
- **SIEM (Security Information and Event Management)**: log processing at scale
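
The components above describe a pipeline: a feed supplies indicators, and detection runs those indicators against the logs a SIEM collects. The following is an added example written for this note, not code from OpenText or from any SIEM product. It builds an index from a constructed feed (IPv4 addresses, CIDR ranges and domains, each with a source and a confidence score) and scans constructed key=value log lines, reporting every hit at or above a confidence threshold. All feed entries, log lines, field names and confidence values are hypothetical sample data.

```python
"""Minimal threat-intelligence indicator matching over SIEM-style log lines.

Added illustration for this note; feed entries, log lines and the key=value
log format are constructed sample data, not real indicators or real logs.
"""
import ipaddress
import re
from dataclasses import dataclass

# Constructed feed. "confidence" and "source" are hypothetical feed metadata.
SAMPLE_FEED = [
    {"type": "ipv4", "value": "203.0.113.45", "confidence": 90, "source": "feed-a"},
    {"type": "cidr", "value": "198.51.100.0/24", "confidence": 60, "source": "feed-b"},
    {"type": "domain", "value": "bad.example", "confidence": 80, "source": "feed-a"},
]

# Constructed proxy-style log lines in key=value form (documentation IP ranges only).
SAMPLE_LOGS = [
    "ts=2026-04-14T10:00:01Z src=10.0.0.5 dst=203.0.113.45 host=cdn.example action=allow",
    "ts=2026-04-14T10:00:02Z src=10.0.0.7 dst=192.0.2.10 host=intranet.local action=allow",
    "ts=2026-04-14T10:00:03Z src=10.0.0.9 dst=198.51.100.77 host=bad.example action=allow",
    "ts=2026-04-14T10:00:04Z src=10.0.0.9 dst=192.0.2.20 host=files.local action=allow",
]

KV_RE = re.compile(r"(\w+)=(\S+)")


@dataclass(frozen=True)
class Match:
    line_no: int      # 1-based index of the log line that matched
    field: str        # which log field carried the observed value
    observed: str     # the value seen in the log
    indicator: str    # the feed indicator it matched (IP, CIDR or domain)
    confidence: int
    source: str


class IndicatorIndex:
    """Feed indicators organised for fast lookup by type."""

    def __init__(self, feed):
        self.ips = {}       # exact IPv4 -> feed entry
        self.nets = []      # (ip_network, feed entry) for CIDR indicators
        self.domains = {}   # lowercase domain -> feed entry
        for ioc in feed:
            if ioc["type"] == "ipv4":
                self.ips[ioc["value"]] = ioc
            elif ioc["type"] == "cidr":
                self.nets.append((ipaddress.ip_network(ioc["value"]), ioc))
            elif ioc["type"] == "domain":
                self.domains[ioc["value"].lower()] = ioc

    def lookup_ip(self, value):
        """Exact IP match first, then CIDR containment; None if not an IP or no hit."""
        if value in self.ips:
            return self.ips[value]
        try:
            addr = ipaddress.ip_address(value)
        except ValueError:
            return None
        for net, ioc in self.nets:
            if addr in net:
                return ioc
        return None

    def lookup_domain(self, value):
        """Match the host itself or any parent domain (www.bad.example -> bad.example)."""
        parts = value.lower().rstrip(".").split(".")
        for i in range(len(parts) - 1):   # never match on the bare TLD
            candidate = ".".join(parts[i:])
            if candidate in self.domains:
                return self.domains[candidate]
        return None


def parse_kv(line):
    """Turn 'k=v k=v' into a dict; later duplicate keys overwrite earlier ones."""
    return dict(KV_RE.findall(line))


def scan_logs(lines, index, min_confidence=0):
    """Return Match records for every log field that hits an indicator at or above min_confidence."""
    matches = []
    for line_no, line in enumerate(lines, 1):
        rec = parse_kv(line)
        for field in ("src", "dst"):
            if field in rec:
                ioc = index.lookup_ip(rec[field])
                if ioc and ioc["confidence"] >= min_confidence:
                    matches.append(Match(line_no, field, rec[field], ioc["value"],
                                         ioc["confidence"], ioc["source"]))
        if "host" in rec:
            ioc = index.lookup_domain(rec["host"])
            if ioc and ioc["confidence"] >= min_confidence:
                matches.append(Match(line_no, "host", rec["host"], ioc["value"],
                                     ioc["confidence"], ioc["source"]))
    return matches


if __name__ == "__main__":
    idx = IndicatorIndex(SAMPLE_FEED)
    for m in scan_logs(SAMPLE_LOGS, idx, min_confidence=70):
        print(f"line {m.line_no}: {m.field}={m.observed} matched {m.indicator} "
              f"({m.source}, confidence {m.confidence})")
```

Run as-is, the scan with no threshold reports three hits on the sample data (the exact IP, the CIDR range and the domain); raising `min_confidence` to 70 drops the low-confidence CIDR hit. That threshold is the knob that keeps a feed useful at SIEM volumes: broad, low-confidence indicators match constantly, and filtering them before they reach analysts is what makes a triage queue of a few hundred cases a month workable.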

## OpenText Scale

- Large-scale SIM (Security Information Management) deployment
- Processes **225 billion logs** per month
- Triages roughly **350 cases** per month
- Uses [[BrightCloud]] as its threat intelligence feed source

## Relationship to Other Concepts

- Pairs with [[Third-Party-Penetration-Testing]] to form an "intelligence + testing" proactive defence posture
- Supports the monitoring and response requirements of the [[Global Information Security Policy (GISP)]]
- Aligns with the Operations Security controls of [[ISO-27001]]

## Connections

- [[BrightCloud]]: threat intelligence tool
- [[Global Information Security Team (GIS)]]: operations team
- [[ISO-27001]]: framework foundation
- [[OpenText]]: implementing organisation