Carlos has many years of experience working in a CSIRT and currently works as a threat hunter. Of the following, what is his primary resource?
- threat intelligence
- log files from cybersecurity components such as SIEM, firewall, and IPS
- vulnerability scan reports
- risk assessment reports
Explanation & Hint:
Carlos, as a threat hunter, would typically rely on threat intelligence as his primary resource. Threat intelligence provides valuable information about current and emerging threats, including details about attack techniques, indicators of compromise, and known threat actors. Threat hunters use this intelligence to proactively seek out potential threats within an organization’s network and systems. While log files, vulnerability scan reports, and risk assessment reports are essential components of threat hunting, threat intelligence is the foundational resource for identifying and understanding potential security threats. |