Cybersecurity Analyst Incident Response - CompTIA CySA+ Exam CS0-002


Question

A cybersecurity analyst is supporting an incident response effort via threat intelligence.

Which of the following is the analyst MOST likely executing?

Answers

Explanations


A. B. C. D.

A.

The correct answer is D. Indicator enrichment and research pivoting.

Threat intelligence is a key component of incident response, and it involves the collection, analysis, and dissemination of information about potential threats to an organization. Threat intelligence can be used to help identify and mitigate threats, and it can also be used to support incident response efforts.

Indicator enrichment and research pivoting are two key activities that a cybersecurity analyst may undertake when supporting an incident response effort via threat intelligence.

Indicator enrichment involves taking indicators of compromise (IOCs) and adding context to them in order to better understand the nature of the threat. This may involve using open-source intelligence (OSINT) or other sources to gather more information about the threat, such as the attacker's tactics, techniques, and procedures (TTPs).

Research pivoting involves taking the information gathered through indicator enrichment and using it to pivot to other related indicators or sources of information. This can help to build a more comprehensive picture of the threat and identify potential avenues for mitigation.

Overall, indicator enrichment and research pivoting are critical activities for a cybersecurity analyst supporting an incident response effort via threat intelligence. They can help to identify and mitigate threats more effectively, and they can also help to build a more complete understanding of the threat landscape.
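
The two activities described above, shown as an added example that is not part of the original page: `enrich` attaches context to one indicator, and `pivot` walks from it to related indicators with a hop limit so that shared infrastructure does not pull unrelated items into the case. The lookup tables, indicators, notes and function names are all constructed or hypothetical (reserved example domains, documentation IP ranges, placeholder hash labels).

```python
import ipaddress
from collections import defaultdict, deque

# Constructed sample data, not real intelligence.
PASSIVE_DNS = {  # domain -> IP addresses it has resolved to
    "login-update.example": {"203.0.113.10"},
    "cdn-sync.example": {"203.0.113.10", "198.51.100.7"},
    "files-portal.example": {"198.51.100.7"},
    "unrelated.example": {"192.0.2.55"},
}
SANDBOX = {  # file hash (placeholder label) -> domains the sample contacted
    "hash-aaa": {"login-update.example"},
    "hash-bbb": {"files-portal.example"},
}
OSINT_NOTES = {"203.0.113.10": ["named in phishing reports (constructed note)"]}

def build_graph():
    """Undirected graph: an edge means two indicators were observed together."""
    graph = defaultdict(set)
    for domain, ips in PASSIVE_DNS.items():
        for ip in ips:
            graph[domain].add((ip, "resolves_to"))
            graph[ip].add((domain, "hosts"))
    for sample, domains in SANDBOX.items():
        for domain in domains:
            graph[sample].add((domain, "contacts"))
            graph[domain].add((sample, "contacted_by"))
    return graph

def indicator_type(ioc):
    try:
        ipaddress.ip_address(ioc)
        return "ip"
    except ValueError:
        return "hash" if ioc in SANDBOX else "domain"

def enrich(ioc, graph):
    """Enrichment: attach type, analyst notes and directly related indicators."""
    return {"indicator": ioc, "type": indicator_type(ioc),
            "notes": OSINT_NOTES.get(ioc, []), "related": sorted(graph.get(ioc, ()))}

def pivot(seed, graph, max_hops=2):
    """Pivoting: breadth-first walk from the seed; returns {indicator: hops}."""
    found, queue = {seed: 0}, deque([seed])
    while queue:
        current = queue.popleft()
        if found[current] == max_hops:
            continue  # hop limit reached, do not expand further
        for neighbour, _relation in sorted(graph.get(current, ())):
            if neighbour not in found:
                found[neighbour] = found[current] + 1
                queue.append(neighbour)
    del found[seed]
    return found
```

The hop count doubles as a rough confidence signal: indicators one hop from the seed were observed directly with it, while those further out depend on every intermediate link being attacker-controlled rather than shared hosting.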