We’ve been hit, how can CyberDefenses help? Incident Hotline

Cyber Defenses Academy

Using CHRIME for Threat Intelligence

This product is currently out of stock and unavailable.

Product Description

Course Objectives

Through the user interactive labs the student will learn:

A handy acronym and method of constructing threat data into intelligence.  It stands for (C)onstellation (H)istory (R)eputation (I)ntent (M)alware (E)xecution and is aimed at rapidly helping an analyst turn data into linked, correlated and context infused information that can be profiled and analyzed into intelligence.  CHRIME provides a mnemonic to rapidly outline information about a threat, whether an element of DNS, an indicator belonging to a system, a person, a piece of hardware, etc.

Date & Time

(TBD) Nov 13  8:30am – 5:00pm



Target Student

  • Individuals new to or desiring a better understanding of how to understand Threat Intelligence concepts.
  • Professionals who deal with technical issues but feel they do not have enough background in Threat Intelligence
  • Technical professionals that need to be armed with greater knowledge of incident response, Threat Intelligence and their role in resolving incidents.

Additional Information

  • Laptop required
  • Requires basic knowledge of computers, technology and command line interface (CLI)
    • Assume students can open and operate browsers, find and use the command line, execute scripts and open programs
  • Prior experience not required
  • Understanding of virtual machines (VM) and how to use one.
    • Assume students understand how to import and power on a VM

Your Instructor

Monty St John

Monty St John has been in the security world for more than two decades. When he is not responding to incidents he teaches classes in Threat Intelligence, Incident Response and Digital Forensics.

Course Outline

1. Introduction

2. What is CHRIME?

3. Breaking it down

  • Constellation
  • History
  • Reputation
  • Intent
  • Malware
  • Execution

4. Use Cases and Application

5. Additional Sources of Data

6. Automation and Tools

7. Wrap up and Close

What’s Next

The following CDI courses are good follow-ups:


Certification of Completion

Additional Information

Why this course?

  • The course is designed for those with an interest in Threat Intelligence. It conveys the necessary concepts, principles and terms to lay down a solid foundation.  If you have that requirement then it will serve your needs well.
  • The course is an introductory class on several tracks CDI offers for the professional starting out.

CHRIME is a handy acronym and method of constructing threat data into intelligence.  It stands for (C)onstellation (H)istory (R)eputation (I)ntent (M)alware (E)xecution:

  • Constellation is a first-tier outline of attributes and their connections to the element of threat data.
  • History is a short outline of its past activity
  • Reputation is a short outline of its current standing
  • Intent speaks to its purpose of existence
  • Malware, obviously points to if it’s malicious, and if so, what/how
  • Execution is how it was employed

Capturing this information provides rapid insight into any element of threat data and provides a platform to craft threat data into intelligence that can be leveraged to alert, detect or take action.

Note:  Each hour of this course follows a pattern of 5-minute instructor discussion, 10-minute classroom discussion and 45-minute lab work.

Contact CyberDefenses today to learn how we can help your company’s cybersecurity needs.