There are several categories of threat intelligence.
https://info-savvy.com/types-of-threat-intelligence/
Technical Threat Intelligence
Technical cyber intelligence involves collecting information about the attacker’s resources, such as command & control channels and tools. It focuses on technical clues that point to cybersecurity threats, such as phishing emails and malicious URLs. The goal is to collect information on specific IOCs (IP addresses, phishing email headers, hash checksums). This type of threat intelligence is important because it allows for the analysis of attacks. However, the value of technical threat intelligence is short-lived because hackers often change tactics, so it is crucial to detect and analyze IOCs at the right time. Tactical intelligence is used by SOC team members. The information obtained here leads to new rules being written into the organization’s current security products (IDS/IPS, firewalls, endpoint security systems, etc.). Suspicious IPs may also be detected from spam emails. The information obtained is fed directly back into the organization’s products.
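The following is an added example, not code from the original page: it pulls the three IOC kinds named above (relay IP addresses from email headers, URLs, attachment hash checksums) out of a message and gives each an expiry, so stale indicators drop out before rules are written. The function names, the retention periods in TTL and the sample message are assumptions constructed for illustration.

```python
import hashlib
import ipaddress
import re
from datetime import datetime, timedelta, timezone
from email.message import EmailMessage

# Assumed retention per indicator type; tune to how quickly each goes stale.
TTL = {"ip": timedelta(days=7), "url": timedelta(days=30), "sha256": timedelta(days=365)}
# Relay hops inside these ranges are infrastructure, not indicators.
INTERNAL = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def build_sample():
    """Constructed phishing-style message (documentation IP, reserved .example names)."""
    msg = EmailMessage()
    msg["Received"] = "from mail.sender.example (unknown [203.0.113.45]) by mx.corp.example"
    msg["Received"] = "from localhost (localhost [127.0.0.1]) by mail.sender.example"
    msg["Subject"] = "Password expiry notice"
    msg.set_content("Sign in at http://login.portal.example/reset today.")
    msg.add_attachment(b"constructed attachment bytes", maintype="application",
                       subtype="octet-stream", filename="invoice.bin")
    return msg

def extract_iocs(msg, seen):
    """Return IOC records (type, value, expires) found in one e-mail message."""
    found = []
    for hop in msg.get_all("Received", []):
        for ip in re.findall(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", str(hop)):
            try:
                addr = ipaddress.ip_address(ip)
            except ValueError:  # e.g. an octet above 255
                continue
            if not (addr.is_loopback or any(addr in net for net in INTERNAL)):
                found.append(("ip", ip))
    for part in msg.walk():
        if part.get_filename():  # attachment: record its checksum, never its content
            found.append(("sha256", hashlib.sha256(part.get_payload(decode=True)).hexdigest()))
        elif part.get_content_type() == "text/plain":
            found += [("url", u) for u in re.findall(r"https?://[^\s<>\"']+", part.get_content())]
    return [{"type": t, "value": v, "expires": seen + TTL[t]} for t, v in dict.fromkeys(found)]

def active_iocs(iocs, now):
    """Keep only indicators whose retention window has not passed."""
    return [i for i in iocs if i["expires"] > now]

if __name__ == "__main__":
    seen = datetime(2025, 3, 3, tzinfo=timezone.utc)
    for ioc in active_iocs(extract_iocs(build_sample(), seen), seen + timedelta(days=10)):
        print(ioc["type"], ioc["value"], "until", ioc["expires"].date())
```

Ten days after the message was seen, the relay IP has aged out while the URL and the attachment hash are still active.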
Strategic Threat Intelligence
Strategic threat intelligence provides advanced information on cybersecurity posture, threats, financial impact of cyber activities, attack trends, and their impact on business decisions. The information obtained can be used by senior management of companies. The purpose of strategic threat intelligence is to manage existing cyber risks and future unknown risks. This intelligence offers a risk-based approach, focusing on the impact and likelihood of risks. The information provided is suitable for long-term use and aids in strategic business decision-making. For example, it can be used to evaluate outcomes when deciding on the balance of budget, employees, and products to protect critical assets. The sources of data collection for strategic intelligence are high-level sources: OSINT, CTI vendors, and ISAOs/ISACs.
Operational Threat Intelligence
Operational threat intelligence provides information to defense team managers about specific threats to the company. Network defense managers, fraud detection managers, and incident response team managers understand the effects of attacks. The received intelligence attempts to identify the threat actors and assess their capabilities and the IT assets at risk.
Operational threat intelligence involves collecting information through hacker forums, chat rooms, social media, and current cyber attacks. The collected information is used to estimate possible attacks and issue defense plans.
Tactical Threat Intelligence
Tactical threat intelligence provides detailed information on the tactics, techniques, and procedures of threat actors. It is primarily aimed at technicians and helps them understand how the network can be attacked based on the latest methods used by attackers. It provides information consumable by security professionals such as IT administrators, SOC managers, and NOC managers. These employees use tactical cyber intelligence to understand the technical capabilities and objectives of attacks and identify strategies for detection and mitigation. Tactical cyber intelligence is collected through malware and incident reports, attack group reports, human intelligence, campaign reports, etc.