back to agenda

on this page

Turbocharging IOC validation: Become a more efficient CTI analyst

  • 13:30
  • Thu
  • 17 Nov
Technical Focus
Briefing Stage 2


Cyber threat intelligence (CTI) analysts are inundated daily with new Indicators of Compromise (IOC)s to analyze. Due to the ephemeral nature of IOCs, analysts must analyze IOCs promptly to understand if an IOC is usable. 

IOC validation is one of the most time-consuming and frustrating aspects of analyzing an IOC. By optimizing IOC validation, an analyst can produce much more timely intelligence.

In this session, you will learn first-hand how to turbocharge the validation of IOCs, thus saving you precious time and helping you prioritize your time to focus on high-value IOCs and creating both timely and actionable intelligence.

The session is based on real-world experience and will cover:
-Scenarios which will take you down a rabbit hole and how to avoid them
-When you, as a CTI analyst, should stop enriching an IOC
-How to conduct IOC associations and linkage 
-A live demonstration of a highly efficient and automated method to gain optimal results and improve the IOC validation process
The session will also provide participants with valuable sources to aid them in effectively validating IOCs in their role as a CTI analyst.