█
LastWrite
  • > Curriculum
  • > Pricing
  • > For Educators
  • > About
  • > Contact
Log InGet Started

Questions, concerns, bug reports, or suggestions? We read every message, write to us at [email protected].

More ways to reach us →
LastWrite

Structured computer science lessons for aspiring developers and security professionals.

[email protected]

(201) 785-7951

Mon–Fri, 9 AM–5 PM EST

Learn

  • Curriculum
  • Pricing

Company

  • About
  • For Educators & Schools
  • Contact Us

Legal

  • Terms of Service
  • Privacy Policy
© 2026 LastWrite. All rights reserved.
Curriculum/Cybersecurity/Threat Intelligence/What is Threat Intelligence?
30 minBeginner

What is Threat Intelligence?

After this lesson, you will be able to: Define threat intelligence and what it provides defenders.

Threat intelligence is structured knowledge about adversaries, who they are, what they want, what tools they use, how they operate. It transforms reactive 'patch when alerts fire' into proactive 'patch what we know is being exploited'.

Three TI levels

Strategic, board-level: who threatens our industry? Trend reports, geopolitics. Operational, campaign-level: who's targeting us right now? Group profiles, TTPs. Tactical, atomic: which IPs, hashes, domains are bad right now? IoCs, feeds.

💡 Why TI matters

Without TI: defenders react to alerts. With TI: defenders prioritize the alerts that match active threats and pre-position defenses against likely attacks.

TI inputs and outputs

  1. 1

    Inputs: open source (blogs, Twitter), commercial feeds (Recorded Future, Mandiant), ISAC sharing, internal IR data.

  2. 2

    Outputs: blocklist updates, hunt hypotheses, exec briefings, detection content (Sigma rules, YARA).

💡 You will work from the command line

OSINT collection, parsing feeds, pulling IoCs out of logs, and querying tools like Shodan and VirusTotal are all faster from a terminal with curl, jq, grep, and a few scripts than from a browser. If the Linux command line is new to you, the DevOps and Infrastructure > Linux and the Command Line subtrack starts from zero and gets you to the fluency this sub-track and Penetration Testing both assume.

Sign in and purchase access to unlock this lesson.

Sign in to purchase
Back to Threat Intelligence
Threat Actors and Motivations→