Describes the study of threat actor behavior by using Procedures, Tactics, and Techniques
BC
TTPs
(Tactics, Techniques, and Procedures)
Use of IT-related hardware/software by a department/individual without the knowledge of the IT or security group within the organization
ED
Shadow IT
Sore-Loser of our group...lol
KK
KENDRA
Data refers to valuable, confidential information that gives a business a competitive advantage
RX
Trade Secrets
Automatically detected threat in real time in a SIEM system
PN
IoAs (Indicators of Attack)
NIST stands for:
TY
National Institute of Standards and Technology
Aim is financial fraud, blackmail, etc. to extort money from their intended target (i.e. Ransomware)
KM
Organized Crime
Passive tool used to eavesdrop on an organization's data traffic
TU
Wireshark
Info that is too valuable to allow any risk of its capture. Viewing is severely restricted.
QZ
Critical or Top Secret
SIEM Dashboards review these to identify priorities or potential impacts from events occurring at other companies and all over the internet
XV
CTI (Cyber Threat Intelligence)
What does API stand for
YY
Application Programming Interface
Uses cyber weapons to promote a political agenda
XC
Hacktivist
Type of Intel that is proprietary and only for the members of that specific group
JM
Proprietary/Closed-Source Intelligence
Data stored in memory while processing takes place.
XS
Data In Use
Collecting logs, mapping information about your infrastructure and business processes to those logs. Kinda like an IDS
VB
SIEM (Security Information and Event Management)
KPI stands for
GV
Key Performance Indicator
Recruited by external parties to steal, alter, tamper with, or delete valuable data
UT
Insider
Architecture where everything is verified
GF
Zero Trust Architecture
Data about the health records/charts of individuals
YT
PHI (Protected Health Information)
Allows for centralized collection of events from multiple sources. Messages can be generated by Cisco routers and switches, as well as servers and workstations, and collected in a central database for viewing and analysis
HB
SYSLOG
What does PIFI stand for
HB
Personal Identifiable Financial Information
Goals of this threat actor primarily espionage, strategic advantage, and commercial gains
JC
Nation-State
SYSLOG Severity "5" with the description "Normal but significant conditions"
WP
Notifications
Publicly accessible information that Pen Testers can use passively when reconning a client's application
HC
OSINT (Open Source Intelligence)
Ingest alert data, and these alerts then trigger playbooks that automate/orchestrate response workflows or tasks. Kinda like an IPS
UL
SOAR (Security Orchestration, Automation, and Response)