Cyber Threat Intelligence SIG


To define Threat Intelligence in the commercial space. To discuss common applications of threat intelligence capability with a view to agree best practice in the context of supporting effective digital forensics and incident response (DFIR) operations.


  1. Workshop on Threat Intelligence - collating a common FIRST view of threat intelligence
  2. Briefing Paper – Using Threat intelligence to Support Incident Response
  3. Creation of a FIRST wide common body of knowledge (CBK) on Threat Intelligence
    1. Definitions of commonly used terms and terminology
    2. Collate list of Open Source Threat Intelligence Tools that can be used by Threat Intelligence Teams
    3. Glossary Collate list of Cyber Threat Intelligence Feeds and sources
    4. Description of methods, models and techniques
  4. We are considering training modules as an output. There is a severe lack of training in this area at present.
  5. Stock slide-deck for FIRST members to present the topic of Threat Intel to their executive management


Member section

Experience in the commercial or government space relevant to the SIG mission and at discretion of the chairs.

Mailing list