A security analyst is reviewing multiple external data feeds to keep tracking threat tendencies. One feed claims insider knowledge of malicious groups but does not explain how that information is acquired. Which course of action increases confidence when deciding whether to use that feed?
Advise leadership to temporarily consider the feed while actively verifying credibility.
Adopt the feed for intelligence tasks and evaluate its sources over time.
Delay using the feed until further verification of its credibility is completed.
Validate the feed’s reporting history and methodology before adding it to regular monitoring.
Confidence in external threat intelligence requires understanding how data is collected and evaluating the provider’s track record for accuracy. Blind trust can introduce misinformation, while immediate rejection may miss valuable insights. The best practice is to vet the source’s methodology and past performance before relying on its data for ongoing operations.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What does it mean to validate a feed's reporting history and methodology?
Open an interactive chat with Bash
Why is blind trust in external threat intelligence feeds risky?
Open an interactive chat with Bash
What are common methods used to collect threat intelligence data?