{"id":41436,"date":"2021-06-22T16:00:15","date_gmt":"2021-06-22T16:00:15","guid":{"rendered":"https:\/\/www.microsoft.com\/security\/blog\/?p=93802"},"modified":"2021-06-22T16:00:15","modified_gmt":"2021-06-22T16:00:15","slug":"strategies-tools-and-frameworks-for-building-an-effective-threat-intelligence-team","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/strategies-tools-and-frameworks-for-building-an-effective-threat-intelligence-team\/","title":{"rendered":"Strategies, tools, and frameworks for building an effective threat intelligence team"},"content":{"rendered":"<div><img decoding=\"async\" src=\"https:\/\/www.microsoft.com\/security\/blog\/wp-content\/uploads\/2021\/06\/CLO20b_Sabien_team_meeting_004.jpg\" class=\"ff-og-image-inserted\"><\/div>\n<h2>How to think about building a threat intelligence program<\/h2>\n<p><em><em class=\"x-hidden-focus\">The security community is continuously changing, growing, and learning from each other to better position the world against cyber threats. In&nbsp;the&nbsp;latest Voice of the Community blog&nbsp;series post,<\/em> Microsoft Product Marketing Manager <\/em><a href=\"https:\/\/www.linkedin.com\/in\/nataliagodyla\/\" target=\"_blank\" rel=\"noopener\"><em>Natalia&nbsp;Godyla<\/em><\/a><em>&nbsp;talks&nbsp;with Red Canary Director of Intelligence <\/em><a href=\"https:\/\/www.linkedin.com\/in\/katie-nickels-631a044\/\" target=\"_blank\" rel=\"noopener\"><em>Katie Nickels<\/em><\/a><em>, a certified instructor with the SANS Institute. In this blog, Katie shares strategies, tools, and frameworks for building an effective threat intelligence team.<\/em><\/p>\n<p><strong>Natalia: Where should cyber threat intelligence (CTI) teams start?<\/strong><\/p>\n<p><strong>Katie<\/strong>: Threat intelligence is all about helping organizations make decisions and understand what matters and what doesn\u2019t. 
Many intelligence teams start with tools or an indicator feed that they don\u2019t really need. My recommendation is to listen to potential consumers of the intel team, understand the problems they are facing, and convert their challenges into requirements. If you have <a href=\"https:\/\/www.microsoft.com\/security\/blog\/security-operations\/\" target=\"_blank\" rel=\"noopener\">security operations center (SOC)<\/a> analysts, talk to them about their pain points. They may have a flood of alerts and don\u2019t know which ones are the most important. Talk to systems administrators who don\u2019t know what to do when something big happens. It could be as simple as helping an administrator understand important vulnerabilities.<\/p>\n<p>The intel team can then determine how to achieve those requirements. They may need a way to track tactics, techniques, procedures (TTPs), and threat indicators, so they decide to get a threat intelligence platform. Or maybe they need endpoint collection to understand what adversaries are doing in their networks. They may decide they need a framework or a model to help organize those adversary behaviors. Starting with the requirements and asking what problems the team needs to solve is key to figuring out how to make a big impact.<\/p>\n<p>Also, threat intel analysts must be selfless people. We produce intelligence for others, so setting requirements is more about listening than telling.<\/p>\n<p><strong>Natalia: What should security teams consider when selecting threat intelligence tools?<\/strong><\/p>\n<p><strong>Katie<\/strong>: I always joke that one of the best CTI tools of all time is a spreadsheet. Of course, spreadsheets have limitations. Many organizations will use a threat intelligence platform, either free, open-source software, like MISP, or a commercial option.<\/p>\n<p>For tooling, CTI analysts need a way to pull on all these threads. I recommend that organizations start with free tools. 
Twitter is an amazing source of threat intelligence. There are researchers who track malware families like Qbot and get amazing intelligence just by following hashtags on Twitter. There are great free resources, like online sandboxes. VirusTotal has a free version and a paid version.<\/p>\n<p>As teams grow, they may get to a level where they have tried the free tools and are hitting a wall. There are commercial tools that provide a lot of value because they can collect domain information for many years. There are commercial services that let you look at passive Domain Name Server (DNS) information or WHOIS information so you can pivot. This can help teams correlate and build out what they know about threats. Maltego has a free version of a graphing and link analysis tool that can be useful.<\/p>\n<p><strong>Natalia: How should threat intelligence teams select a framework? Which ones should they consider?<\/strong><\/p>\n<p><strong>Katie<\/strong>: The big three frameworks are the Lockheed Martin Cyber Kill Chain\u00ae, the Diamond Model, and <a href=\"https:\/\/www.microsoft.com\/security\/blog\/2021\/05\/05\/stopping-carbanakfin7-how-microsoft-led-in-the-mitre-engenuity-attck-evaluation\/\" target=\"_blank\" rel=\"noopener\">MITRE ATT&amp;CK<\/a>. If there\u2019s a fourth, I would add VERIS, which is the framework that Verizon uses for their annual Data Breach Investigations Report. I often get asked which framework is the best, and my favorite answer as an analyst is always, \u201cIt depends on what you\u2019re trying to accomplish.\u201d<\/p>\n<p>The Diamond Model offers an amazing way for analysts to cluster activity together. It\u2019s very simple and covers the four parts of an intrusion event. For example, if we see an adversary today using a specific malware family plus a specific domain pattern, and then we see that combination next week, the Diamond Model can help us realize those look similar. 
The Kill Chain framework is great for communicating how far an incident has gotten. We just saw reconnaissance or an initial phish, but did the adversary take any actions on objectives? MITRE ATT&amp;CK is really useful if you\u2019re trying to track down to the TTP level. What are the behaviors an adversary is using? You can also incorporate these different frameworks.<\/p>\n<p><strong>Natalia: How do you design a threat model?<\/strong><\/p>\n<p><strong>Katie<\/strong>: There are very formal software engineering approaches to threat modeling, in which you think of possible threats to software and how to design it securely. My approach is, let\u2019s simplify it. Threat modeling is the intersection of what an organization has that an adversary might target. A customer might say to us, \u201cWe\u2019re really worried about the Lazarus Group and North Korean threats.\u201d We\u2019d say, \u201cYou\u2019re a small coffee shop in the middle of the country, and that threat might not be the most important to you based on what we\u2019ve seen this group do in the past. I think a more relevant threat for you is <a href=\"https:\/\/www.microsoft.com\/security\/blog\/ransomware\/\" target=\"_blank\" rel=\"noopener\">probably ransomware<\/a>.\u201d Ransomware is far worse than anyone expected. It can affect almost every organization; big and small organizations are affected equally by ransomware.<\/p>\n<p>If teams focus on all threats, they\u2019re going to get burnt out. Instead, ask, \u201cWhat does our organization have that adversaries might want?\u201d When prioritizing threats, talking to your peers is a great place to start. There\u2019s a wealth of information out there. If you\u2019re a financial company, go talk to other financial companies. One thing I love about this community is that most people, even if they\u2019re competitors, are willing to share. 
Also, realize that people in security operations, who aren\u2019t necessarily named threat intel analysts, still do intelligence. You don\u2019t have to have a threat intel team to do threat intel.<\/p>\n<p><strong>Natalia: What is the future of threat intelligence?<\/strong><\/p>\n<p><strong>Katie<\/strong>: Cyber threat intelligence has been around for maybe a few decades, but in the scope of history, that\u2019s a very short time. With frameworks like ATT&amp;CK or the Diamond Model, we\u2019re starting to see a little more formalization. I hope that builds, and there\u2019s more professionalization of the industry with standards for what practices we do and don\u2019t do. For example, if you\u2019re putting out an analysis, here are the things that you should consider. There\u2019s no standard way we communicate except for those few frameworks <a href=\"https:\/\/www.microsoft.com\/security\/blog\/2021\/05\/05\/stopping-carbanakfin7-how-microsoft-led-in-the-mitre-engenuity-attck-evaluation\/\" target=\"_blank\" rel=\"noopener\">like ATT&amp;CK<\/a>. When there are standards, it\u2019s much easier for people to trust what\u2019s coming out of an industry.<\/p>\n<p>My other hope is that we improve the tooling and automation to help support human analysts. I\u2019m often asked, \u201cHow can threat intel be automated?\u201d Threat intelligence is fundamentally a human discipline. It requires humans to make sense of complex and disparate information. 
There\u2019s always going to be a human element of threat intelligence, but I hope we can do better as an industry in figuring out what tools can make analysts powerful and support the decisions that security teams have to make.<\/p>\n<h2>Learn more<\/h2>\n<p>To learn more about Katie, follow her on <a href=\"https:\/\/twitter.com\/likethecoins\" target=\"_blank\" rel=\"noopener\">@likethecoins<\/a>, and for more details on Microsoft Security solutions, <a href=\"https:\/\/www.microsoft.com\/en-us\/security\/business\/solutions\" target=\"_blank\" rel=\"noopener\">visit our website<\/a>.&nbsp;Bookmark the&nbsp;<a href=\"https:\/\/www.microsoft.com\/security\/blog\/\" target=\"_blank\" rel=\"noopener\">Security blog<\/a>&nbsp;to keep up with our expert coverage on security matters. Also, follow us at&nbsp;<a href=\"https:\/\/twitter.com\/@MSFTSecurity\" target=\"_blank\" rel=\"noopener\">@MSFTSecurity<\/a>&nbsp;for the latest news and updates on cybersecurity.<\/p>\n<p> READ MORE <a href=\"https:\/\/www.microsoft.com\/security\/blog\/2021\/06\/22\/strategies-tools-and-frameworks-for-building-an-effective-threat-intelligence-team\/\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Red Canary Director of Intelligence Katie Nickels shares her thoughts on strategies, tools, and frameworks to build an effective threat intelligence team.<br \/>\nThe post Strategies, tools, and frameworks for building an effective threat intelligence team appeared first on Microsoft Security Blog. 
<\/p>\n","protected":false},"author":2,"featured_media":41437,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[276],"tags":[347,6578,9127],"class_list":["post-41436","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-microsoft-secure","tag-cybersecurity","tag-threat-protection","tag-voice-of-the-community"],"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/41436","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=41436"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/41436\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media\/41437"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=41436"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=41436"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=41436"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}