What is it?
determining whether threat intelligence sources are worth using, or whether a threat intelligence hit is worth noticing, the questions to ask about the source to determine this, are:
- How timely is it?
- How accurate is the information?
- Is the information relevant? one way this could be measured, is through a threat confidence score
Why is it mentioned?
there is lots of data out in the wild, with many datasets producing false-positives, or inaccurate information. To ensure the data is valuable to the organisation, it must be scrutinized against the above questions.