Threat Intelligence Platforms (TIP) and Data Management

This course covers the full operational stack of threat intelligence management from understanding what TI is and why it matters, to hands-on work with two of the most widely used open-source platforms in the field. Rather than treating intelligence as a passive input, the course frames it as a structured workflow: collected, processed, visualized, and shared through standardized protocols. You'll leave with practical platform experience and a working understanding of how intelligence moves between organizations at scale.

What You'll Learn

• Define threat intelligence and distinguish between its three types Strategic (for executives and risk managers), Operational (for SOC analysts and detection engineers), and Tactical (for incident responders and threat hunters) understanding which audience each serves and why.
• Navigate the six-stage threat intelligence lifecycle: Planning & Direction, Collection, Processing, Analysis, Dissemination, and Feedback.
• Understand what a Threat Intelligence Platform (TIP) is, what its five core functions are  Collection, Enrichment, Correlation, Sharing, and Automation and how it converts raw threat data into actionable security insights
• Work with MISP: navigate the interface, create and manage events, add and edit attributes, and build sample events populated with indicators of compromise.
• Work with OpenCTI: navigate the interface, understand the knowledge graph model, create and manage entities, and produce structured reports with indicators.
• Understand STIX (Structured Threat Information eXpression) as a standardized language for describing threats, and TAXII (Trusted Automated eXchange of Indicator Information) as the protocol for sharing that data securely across organizations.
• Apply the five key properties of STIX/TAXII in practice: Interoperability, Automation, Consistency, Collaboration, and Scalability.