Edu type:
Course or training
Associate degree (EQF 5), Bachelor (EQF 6), Master (EQF 7), MBO-4/HAVO/VWO (EQF 4)
Start date:
Study Load:
12 hrs
2 days
More information


Learn how to collect actionable intel and interpret the data for effective incident response and attacker attribution.


Modern cybersecurity would not be where it is today without threat intelligence (TI). TI lies at the heart of any effective IS solution, enriching it with data and information from previously hidden areas of the Internet. By monitoring dark corners such as hacker forums and the dark web, TI analysts are able to see the bigger picture and attribute criminal behaviour more accurately.


Group-IB’s Threat Intelligence Analyst course teaches how to collect actionable intel from all types of sources, both public and closed, and how to interpret that data and spot signs that an attack is being prepared. As with all Group-IB courses, lessons include practical exercises based on real cases handled by the company’s TI team. This approach was chosen to ensure that participants can immediately apply what they learn in their day-to-day activities.


Key topics covered:

  • Overview of the threat Intelligence field
  • TI cycle and the three data levels
  • TI use cases for security operations
  • Threat modeling: PASTA, DEAD, VERIS, etc.
  • Attack modeling: cyber kill chain, MITRE ATT&CK models and ATT&CK Navigator
  • Processing of IoCs
  • CTI tools, standards and TIPs
  • Data sources and collection techniques
  • Group-IB TI practice

Skills acquired:

  • Understanding threat intelligence
  • Collecting relevant data
  • Improved detection and threat modeling using TI

Target participants:

  • Technical specialists with experience in IS
  • Information security specialists
  • SOC/CERT employees


  • A basic understanding of threat intelligence
  • Some experience in the field of cybersecurity and CTI