Cross-post: About Threat Intel Retro-Matching

Read the original article: Cross-post: About Threat Intel Retro-Matching


[Posted on behalf of Anton Chuvakin, Security Strategy – Chronicle Google]

So you recall my recent post about TI matching to security telemetry like logs in near real-time? I did say that most threat intelligence (TI, also called “threat data” in this post) comes from past observations of badness. In fact, the whole model of value for threat intelligence is that even though such badness is past for the initial observer, it is a likely future…

