Profile picture
CYINT_dude @CYINT_dude
, 9 tweets, 2 min read Read on Twitter
I’m a proponent of writing things down. As #threatintel analysts, a big part of our job is recognizing patterns and making connections. But sometimes, we don’t see the connections. Our brains can’t recall as much information as we think they can (1/x).
This is why it’s imperative to document and memorialize your knowledge. Use your IOC database, your commercial TIP, OneNote, Excel, Wiki, IR ticketing system, whatever you have to capture artifacts, IOC, notes (2/x).
Tag your data (hopefully you have a consistent tagging scheme); organize it; capture enrichment data and attributes that may allow for future correlation. Does this take extra time? Is it annoying sometimes in the face of an active campaign or IR operations? You bet (3/x).
BUT. It’s an awesome experience when you start examining new activity. “Hmm this doesn’t look familiar.” But you import and organize your data and, Voila! A correlation on past activity! (4/x)
You’ll thank your past self for taking the extra time to capture these details. It’s exciting seeing the patterns that emerge without having to exert the extra brain power to mentally catalogue everything (5/x)
So by “wrote it down,” I don’t necessarily mean a book report. It could be as simple as a handful of IOC, an email header, and a quick note. In some cases you will need more “contextual media” like timelines, queries, screenshots, tables, graphs, etc. (6/x)
In that case, as a best practice, make sure the analyst can navigate from point A to point B. But the take away is document enough to enable future correlation (7/x)
How much and how far to I document? No solid answer here. But the more dangerous the threat, the more time I spend pivoting and capturing that enrichment data (8/x).
In closing, write things down! Your future self (and your colleagues who need your insights) will thank you! #threatintel
Missing some Tweet in this thread?
You can try to force a refresh.

Like this thread? Get email updates or save it to PDF!

Subscribe to CYINT_dude
Profile picture

Get real-time email alerts when new unrolls are available from this author!

This content may be removed anytime!

Twitter may remove this content at anytime, convert it as a PDF, save and print for later use!

Try unrolling a thread yourself!

how to unroll video

1) Follow Thread Reader App on Twitter so you can easily mention us!

2) Go to a Twitter thread (series of Tweets by the same owner) and mention us with a keyword "unroll" @threadreaderapp unroll

You can practice here first or read more on our help page!

Related hashtags

#threatintel

More from @CYINT_dude see all

Profile picture
#threatintel thread! For the past couple of weeks I've focused on #threatintel REQUIREMENTS. As a consultant working with clients to develop their programs, I focused on this a lot--requirements are important. As a full-time analyst, it's much harder: because OPS!
But, really honing-in on the requirements--the specific questions that customers have, the topics they are interested in, how they can best consume information--has been a valuable investment. Here's what I've learned or re-discovered...
For each requirement (or set of requirements), there is information you need to answer the question and a process to follow to fulfill the requirement. Sometimes you'll have the information you need; sometimes you won't which means that you have to go get it (collection).
Read 16 tweets

Related threads

Profile picture
45 Days Of @ElvisCostello: a twitter megathread in anticipation of the Oct 12 release date of LOOK NOW, the new LP by Elvis Costello & The Imposters

This is either a bright idea or a brilliant mistake, but this is only, this is only, this is only the beginning...
I did something similar to this 5 years ago, in anticipation of EC & @theroots' Wise Up Ghost LP, on tumblr.

(You can still find all those posts if you look, although a lot of the YouTube links etc are now dead ends. It was 40 Days Of EC then, so for 2018 I'm upping it to 45.)
Mostly I will be going chronologically from the early years right up to the present, but it feels right to start out with Costello's 2002 song, "45."

Music Video directed by @jessebdylan


(There's an alternate "diner" version I can't find anywhere online)
Read 2378 tweets
Profile picture
YOONMIN AU

Yoongi’s helping Jimin, his best friend since childhood, move out of his family home and into their new shared apartment.

While moving boxes, he accidentally finds a dairy — in which 12 year old Jimin writes about how desperately in love he is with Yoongi.
“Hyung, do you think the carpet would fit if we leave the trunk door open?” Jimin asked, shoving a box of his Harry Potter collection under the back seat. He hit the back of his head against the top of the car and whined, rubbing the painful spot as he turned to Yoongi.
“We already have a carpet, Jimin.” Yoongi sighed, walking back inside the house to get more boxes from Jimin’s room. He was getting impatient with Jimin’s ridiculous requests and demands. His car was almost full already, and they haven’t even gone through half of Jimin’s things.
Read 357 tweets
Profile picture
yoonmin abo au 🍑

Omega prince Jimin is the prettiest omega in royalty who has tons of suitors, but none have managed to steal his heart.

His personal body guard, Alpha Min Yoongi has one motto :

"If they want to get the fairest, they have to go through the fiercest."
i'm starting this !

- do not reply to the thread, just rt w comment

- if you spot any similarities with other works, it is by pure coincidence as im not some bitch who steals the fruit of other's hard work.

- uwu
"YOOOOOONGIIIIIII-" Jimin grinned when he heard the sound of rapid footsteps came nearer and nearer.

An alpha in his usual dark suit appeared in the doorway of Jimin's grand luxurious room. "WHAT- WHO- DID SOMEBODY HURT YOU?" He was almost out of breath since he
Read 1160 tweets
Profile picture
Here's a guaranteed way for #Writing Contest Jurors to ruin an #emergingwriter's day: tweet to your followers (some of whom have to be thinking of entering the contest you're judging) that you're not a fan of certain kinds of stories, so maybe it's best if they "skip this one..."
...bc being an #emergingwriter isn't hard enough. It isn't hard enough that there already is a magical/frustrating subjectiveness and unpredictability to contests, and that entering one is an act of #faith, yet maybe your surprising story will be the one to enchant the jurors...
...nor is it a challenge to come up with the contest fee, which is usually significant, because you think your story's great and might have a shot, even though it's got #scifi or #specfic elements, because you've been inspired in the past by unexpected and genre-bending work...
Read 12 tweets

Trending hashtags

#writers #sschat #EgyptStation #scichat #LGBTQ #BIG #gamedevelopers #literary #relationships #TheBeatles #Ozark #indie #Screenwriter #CampFire #scriptwriter #writing #ClearTheAir #ThisIsNotNormal #amwriting #ElvisCostello #emerging #threatintel #TeachLivingPoets #metoo #writer

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just three indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member and get exclusive features!

Premium member ($30.00/year)

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!