Threat intelligence is evidence-based knowledge, including context, mechanisms, indicators, implications, and action-oriented advice on an existing or emerging threat or danger to assets. This intelligence can be used to inform decisions regarding the subject’s response to that threat or danger. Security analytics applications use real-time and historical data to detect and diagnose threats. Sources of information include:

• Real-time alerts from workstations, servers, sensors, mobile devices, and other endpoints
• Real-time sources from other IT security applications (firewalls, intrusion prevention, endpoint detection and response, etc.)
• Volume and types of network traffic
• Server logs
• Third-party threat intelligence feeds Security analysis combines data from various sources and looks for correlations and anomalies within the data