How to Use Threat Intelligence Effectively in Security Automation and Orchestration with DFLabs and Cisco Security

Posted by Mimoza Naumovska - 26th Oct 2018

In the event of a security incident, the entire scope and chain of events won’t always be obvious from the outset. Usually, a single indicator or security alert provides the first inkling that something is wrong. This is particularly true for more advanced, complex or targeted attacks. The security team takes that small, possibly benign event and first determines whether it is indeed an incident (triage); if it is, the team then determines the full scope and impact of the incident (investigation).

Security teams usually rely on threat intelligence during both the triage and investigation stages of an event. This information can be crucial in determining the veracity of an alert, and then in pivoting from the first indicator to quickly establish the scope of the potential incident.

