Why this course?
- The course is designed for those with an interest in Threat Intelligence. It conveys the necessary concepts, principles and terms to lay down a solid foundation. If you have that requirement then it will serve your needs well.
- The course is an introductory class on several tracks CDI offers for the professional starting out.
CHRIME is a handy acronym and method of constructing threat data into intelligence. It stands for (C)onstellation (H)istory (R)eputation (I)ntent (M)alware (E)xecution:
- Constellation is a first-tier outline of attributes and their connections to the element of threat data.
- History is a short outline of its past activity
- Reputation is a short outline of its current standing
- Intent speaks to its purpose of existence
- Malware, obviously points to if it’s malicious, and if so, what/how
- Execution is how it was employed
Capturing this information provides rapid insight into any element of threat data and provides a platform to craft threat data into intelligence that can be leveraged to alert, detect or take action.
Note: Each hour of this course follows a pattern of 5-minute instructor discussion, 10-minute classroom discussion and 45-minute lab work.