Become a Certified Threat Intelligence Essentials T|IE

Threat Intelligence Essentials T|IE

What is EC-Council Threat Intelligence Essentials?

Cybersecurity and technology-based mitigation approaches rely heavily on intelligence. This program aims to enhance your understanding and implementation of foundational threat intelligence concepts, including differentiating intelligence from data or information and highlighting its vital role in modern cybersecurity. Additionally, the program enables students to thoroughly explore the threat intelligence lifecycle, understand its significance in shaping team roles, delve into the ethical and legal considerations, and understand the importance of measuring threat intelligence effectiveness.

As you progress through the program, you’ll master the different types of threat intelligence: strategic, operational, tactical, and technical. You’ll learn how each uniquely contributes to areas like regulatory compliance and risk management. In the later modules, you’ll engage in hands-on activities that involve data collection, analysis, and the use of Threat Intelligence Platforms (TIPs) for real-world applications in threat hunting and detection.

Put your newly acquired abilities to the test with an exhilarating Capture the Flag (CTF) Exercise seamlessly integrated into our Capstone project. This CTF is delivered through live virtual machines, genuine software, and real networks, all within a secure and regulated sandbox environment. With these exclusive hands-on, human-versus-machine CTF challenges, you will develop the hands-on proficiencies essential for success in your cyber professional role. The program culminates with a forward-looking perspective, emphasizing the importance of continuous learning and staying ahead of future trends in this ever-evolving field. Threat Intelligence Essentials is designed to prepare students for progressive careers as Security Operations Center (SOC) Analysts, Threat Intelligence Analysts, IT Risk Analysts, or Cybersecurity Analysts, enabling them to confidently tackle today’s cybersecurity challenges with expertise!

Threat Intelligence Essentials Program Information

Why EC-Council’s Essentials Series is the Most Popular and Fastest Growing Beginner Level Training Program for Career Starters and Career Changers

  • 213,000+ Learners Trust EC-Council’s Essentials Series
  • 150+ Countries
  • 85+ Million Minutes Watched
  • 4.95/5.0 Average Ratings
  • 96.46% of Learners Gave a 5* Rating

Threat Intelligence Essentials Course Outline

Module 1: Introduction to Threat Intelligence

This section will introduce you to the program and provide you with foundational information about threat intelligence.

Topics Covered:

  • Threat Intelligence and Essential Terminology
  • Key Differences Between Intelligence, Information, and Data
  • The Importance of Threat Intelligence
  • Integrating Threat Intelligence in Cyber Operations
  • Threat Intelligence Lifecycles and Maturity Models
  • Threat Intelligence Roles, Responsibilities, and Use Cases
  • Using Threat Intelligence Standards or Frameworks to Measure Effectiveness
  • Establishing Splunk Attack Range for Hands-on Experience

Module 2: Types of Threat Intelligence

This section will focus on helping students understand key distinctions and use cases for various threat intelligence types. Students will further understand how various sources generate threat intelligence and how it informs downstream cybersecurity processes or compliance functions.

Module Objectives:

  1. Students will be able to articulate and explain the core differences between types of threat intelligence. 
  2. Students will understand how threat intelligence is created and how it impacts regulatory decisions or essential cybersecurity controls. 
  3. After completing this section, students will be able to comprehend the importance of various threat intelligence types and how to effectively select or integrate appropriate threat intelligence into specific business processes or situational scenarios.

Topics Covered:

  • Understanding the Different Types of Threat Intelligence
  • Preview Use Cases for Different Types of Threat Intelligence
  • Overview of the Threat Intelligence Generation Process
  • Learn How Threat Intelligence Informs Regulatory Compliance
  • Augmenting Vulnerability Management with Threat Intelligence
  • Explore Geopolitical or Industry Related Threat Intelligence
  • Determine How to Integrate Threat Intelligence with Risk Management

Module 3: Cyber Threat Landscape

This section will help students better understand the current state of cybersecurity threats, emerging trends, obstacles, and how current threat actors are impacting society.

Labs:

  1. Previewing MITRE ATT&CK in DetectionLab
  2. Indicators of Compromise Overview in DetectionLab

Module Objectives:

  1. Students will learn the key concepts surrounding cyber threats and how to define them.
  2. Students will understand how threat actors, attack vectors, vulnerabilities, and exploits generate Indicators of Compromise (IoC) and how emerging technologies can complicate defensive efforts. 
  3. After completing this section, students will be able to understand cyber threat actor profiles, their operational models, telemetry generated by threat actors, and how IoCs inform threat intelligence efforts.

Topics Covered:

  • Overview of Cyber Threats: Trends and Challenges
  • Emerging Threat Actors and Attack Vectors
  • Deep Dive on Advanced Persistent Threats
  • The Cyber Kill Chain Methodology
  • Vulnerabilities, Threat Actors, and Indicators of Compromise (IoC)
  • Geopolitical and Economic Impact of Cyber Threats
  • How Emerging Technology is Impacting the Threat Landscape
  • MITRE ATT&CK & Splunk Attack Range IoC Labs

Module 4: Data Collection and Sources of Threat Intelligence

This section will teach students how to conduct searches or acquire threat intelligence from reputable sources. Students will also learn how to conduct Open-Source Intelligence (OSINT) gathering activities and other threat intelligence collection methods directly.

Labs:

  1. Registering for MS-ISAC, Center for Internet Security (CIS) and other Threat Intelligence Advisories
  2. Methodologies & Techniques for Conducting OSINT Investigations with TraceLab

Module Objectives:

  1. Students will learn how to assess threat intelligence sources for credibility, different data collection methods, and concepts useful for managing threat intelligence data.
  2. Students will be introduced to several direct and indirect threat intelligence collection methods, such as OSINT, HUMINT, and IoC analysis. 
  3. After completing this section, students will gain competence in directly assessing threat intelligence data sources, acquiring reputable threat intelligence, focusing data collection efforts, and exploiting useful elements from acquired threat intelligence.

Topics Covered:

  • Making Use of Threat Intelligence Feeds, Sources, and Evaluation Criteria
  • Overview of Threat Intelligence Data Collection Methods and Techniques
  • Compare and Contrast Popular Data Collection Techniques
  • Bulk Data Collection Methods and Considerations
  • Normalizing, Enriching, and Extracting Useful Intelligence from Threat Data
  • Legal and Ethical Considerations for Threat Data Collection Processes
  • Threat Data Feed Subscription and OSINT Labs

Module 5: Threat Intelligence Platforms

This section will show students how to access and use several leading Threat Intelligence Platforms (TIPs), such as the AlienVault Open Threat Exchange (OTX) and MISP.

Labs:

  1. Accessing and Searching for IoC data in AlienVault Open Threat Exchange
  2. Setting up and Deploying MISP to enrich threat intelligence data

Module Objectives:

  1. Students will learn how to leverage external or internal Threat Intelligence Platforms (TIPs) to gather actionable data to reduce their attack surface.
  2. Students will be introduced to data management concepts for threat intelligence to drive efficiencies and effective use of threat intelligence received from TIPs.
  3. After completing this section, students will gain competence in accessing and directly leveraging TIPs for threat hunting, cybersecurity risk validation, and data aggregation or information sharing purposes.

Topics Covered:

  • Introduction to Threat Intelligence Platforms (TIPs), Roles, and Features
  • Aggregation, Analysis, and Dissemination within TIPs
  • Automation and Orchestration of Threat Intelligence within TIPs
  • Evaluating and Integrating TIPs into Existing Cybersecurity Infrastructure
  • Collaboration, Sharing, and Threat Hunting Features of TIPs
  • Customizing TIPs for Organizational Needs
  • Using TIPs for Visualization, Reporting, and Decision Making
  • AlienVault OTX and MISP TIP Platform Labs

Module 6: Threat Intelligence Analysis

This section will help students explore and apply data analysis techniques against acquired threat intelligence, including Indicators of Compromise (IoC) and tactics, techniques, or procedures generated by threat actors. Students will learn how to prioritize multiple threats, produce comprehensive threat intelligence reporting, and apply concepts for visualizing threat intelligence data sets.

Labs:

  1. Generating and Reviewing TTP data in DetectionLab
  2. Building a sample Threat Actor Profile

Module Objectives:

  1. Students will learn the importance and differences of threat intelligence data analysis methods.
  2. Students will learn how to correlate, enrich, and build essential reporting metrics around acquired threat intelligence. 
  3. After completing this section, students will acquire hands-on experience with identifying relevant threats in their environment, communicating threat actor data using key metrics, and focusing defensive efforts using actionable threat intelligence.

Topics Covered:

  • Introduction to Data Analysis and Techniques
  • Applying Statistical Data Analysis, Including Analysis of Competing Hypotheses
  • Analysis Methods for Threat Actor Artifacts
  • Threat Prioritization, Threat Actor Profiling, and Attribution Concepts
  • Leveraging Predictive and Proactive Threat Intelligence
  • Reporting, Communicating, and Visualizing Intelligence Findings
  • Threat Actor Profile Labs and MISP Report Generation Labs

Module 7: Threat Hunting and Detection

This section will provide an operational overview of Threat Hunting, contemporary threat hunting methodologies, and tools or techniques students can leverage to perform hypothesis-driven threat hunts.

Topics Covered:

  • Operational Overview of Threat Hunting and Its Importance
  • Dissecting the Threat Hunting Process
  • Threat Hunting Methodologies and Frameworks
  • Explore Proactive Threat Hunting
  • Using Threat Hunting for Detection and Response
  • Threat Hunting Tool Selection and Useful Techniques
  • Forming Threat Hunting Hypotheses for Conducting Hunts
  • Threat Hunt Lab

Module 8: Threat Intelligence Sharing and Collaboration

This section will discuss the benefits of threat intelligence information sharing, platforms used to share industry-specific threat intelligence, and the cybersecurity or regulatory concerns that influence information sharing.

Topics Covered:

  • Importance of Information Sharing Initiatives in Threat Intelligence
  • Overview of Additional Threat Intelligence Sharing Platforms
  • Building Trust Within Intelligence Communities
  • Sharing Information Across Industries and Sectors
  • Building Private and Public Threat Intelligence Sharing Channels
  • Challenges and Best Practices for Threat Intelligence Sharing
  • Legal and Privacy Implications of Sharing Threat Intelligence
  • Sharing Threat Intelligence Using MISP and Installing Anomali STAXX

Module 9: Threat Intelligence in Incident Response

This section will discuss methods students can adopt to integrate threat intelligence effectively into cybersecurity Incident Response (IR) plans or processes. Concepts covered in this section include incorporating threat intelligence into triage, forensics, lessons learned, and other incident response processes.

Topics Covered:

  • Integrating Threat Intelligence into Incident Response Processes
  • Role of Threat Intelligence in Incident Prevention Using Workflows and Playbooks
  • Using Threat Intelligence for Incident Triage and Forensic Analysis
  • Adapting Incident Response Plans Using New Intelligence
  • Coordinating Responses with External Partners
  • Threat Intelligent Incident Handling and Recovery Approaches
  • Post-Incident Analysis and Lessons Learned Considerations
  • Measurement and Continuous Improvement for Intelligence-Driven Incident Response

Module 10: Future Trends and Continuous Learning

This section will discuss the impact of technological developments like Artificial Intelligence (AI) that are helping to drive innovation in the Threat Intelligence community. This section will also explore complementary educational sources that will allow students to enhance their professional development or pursue threat intelligence career options, as well as approaches that are useful for staying current with modern threat intelligence practices.

Topics Covered:

  • Emerging Technologies in Threat Intelligence
  • Evolution of Threat Intelligence in Response to Advanced Threats
  • Threat Intelligence for Emerging Technologies
  • The Role of Threat Intelligence in Evolving Cyber Threats
  • The Convergence of Threat Intelligence and Risk Management
  • Importance of Continuous Learning and Professional Development in Threat Intelligence
  • Career Paths and Opportunities in the Threat Intelligence Field
  • Anticipating Future Challenges and Opportunities in Threat Intelligence
  • Engaging with the Threat Intelligence Community
  • Keeping Up to Date with Evolving Threat Landscapes
  • Ethical Considerations in Threat Intelligence Research and Reporting
  • Global and Regional Threat Intelligence Trends and Challenges
  • The Role of Threat Intelligence in National Security and Defense
  • The Influence of Threat Intelligence on Cybersecurity Regulations