Threat Intelligence Platform (TIP)

Definition

A system that ingests indicator feeds from external providers and internal sources, deduplicates and scores them, and exports curated indicators of compromise to the SIEM and other tools for alert enrichment.

Related terms

EDR (Endpoint Detection and Response)
An agent-based security tool deployed on individual endpoints (workstations, servers, mobile devices) that monitors process execution, file changes, network connections, and registry...
MTTD / MTTR
Mean Time to Detect and Mean Time to Respond: the two primary operational KPIs for a SOC. MTTD measures the gap between...
SIEM (Security Information and Event Management)
A platform that aggregates log and event data from systems, networks, and applications across an environment, correlates events against detection rules, generates...
SOAR (Security Orchestration, Automation, and Response)
A platform that receives alerts from the SIEM and other sources, executes automated playbooks to enrich and triage them, and integrates with...
STIX / TAXII
Structured Threat Information eXpression (STIX) is a standardised language for describing threat intelligence objects. Trusted Automated eXchange of Intelligence Information (TAXII) is...

Explained in

  • SOC Tooling and the SIEM: A system that ingests indicator feeds from external providers and internal sources, deduplicates and scores them, and exports curated indicators of compromise...
