Threat Intelligence plays a major role in the modern Security Operations Center (SOC). This threat data can help analysts to detect security incidents earlier, take more informed actions, and implement security controls to defend against known threats.
Threat Intelligence includes context about threat actors, their intentions and their methods. It also includes Indicators of Compromise (IOCs): IP addresses, domain names, URLs, file hashes, and more, that are known to be malicious. If one of these blacklisted items shows up in your event logs, it’s a good indicator that your network has been compromised.
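
The matching step described above, as an added example that is not code from any product or from this page's author. The IOC feed, log lines and field names are constructed for illustration; the sketch shows why each indicator type needs its own comparison (CIDR containment for IPs, label-boundary matching for domains, case folding for URLs and hashes) rather than a plain substring search.

```python
import ipaddress
import re

# Constructed IOC feed: documentation-range IPs, reserved example domains, made-up hash.
NETS = [ipaddress.ip_network(n) for n in ("203.0.113.45", "198.51.100.0/24")]
DOMAINS = {"bad.example"}
URLS = {"http://files.example.net/update.exe"}
HASHES = {"ab" * 32}  # placeholder SHA-256, not a real sample

# Constructed log lines (hypothetical field names).
LOGS = [
    "2024-05-01T10:00:01Z fw allow src=10.0.0.5 dst=203.0.113.45 dport=443",
    "2024-05-01T10:00:07Z dns query client=10.0.0.8 name=cdn.bad.example",
    "2024-05-01T10:00:09Z dns query client=10.0.0.8 name=notbad.example",
    "2024-05-01T10:01:12Z proxy GET HTTP://Files.Example.net/update.exe",
    "2024-05-01T10:02:30Z edr file_write path=/tmp/a.so sha256=" + "AB" * 32,
    "2024-05-01T10:03:00Z fw allow src=10.0.0.5 dst=198.51.100.77 dport=80",
    "2024-05-01T10:03:05Z fw allow src=10.0.0.5 dst=192.0.2.10 dport=80",
]

IP_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
HOST_RE = re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b")
HASH_RE = re.compile(r"\b[0-9a-f]{64}\b")

def match_iocs(line):
    """Return a sorted list of (type, indicator) hits for one log line."""
    hits = set()
    low = line.lower()  # hosts, hashes and this feed's URLs are compared case-folded
    for tok in IP_RE.findall(line):
        try:
            addr = ipaddress.ip_address(tok)
        except ValueError:  # e.g. 999.1.1.1 is not an address
            continue
        hits.update(("ip", str(n)) for n in NETS if addr in n)
    for host in HOST_RE.findall(low):
        # Match the domain itself or a subdomain, never a mere suffix (notbad.example).
        hits.update(("domain", d) for d in DOMAINS
                    if host == d or host.endswith("." + d))
    hits.update(("url", u) for u in URLS if u in low)
    hits.update(("sha256", h) for h in HASH_RE.findall(low) if h in HASHES)
    return sorted(hits)

def scan(lines):
    """Return (line_number, hits) for every line with at least one IOC hit."""
    results = [(i, match_iocs(line)) for i, line in enumerate(lines, 1)]
    return [(i, hits) for i, hits in results if hits]

if __name__ == "__main__":
    for lineno, hits in scan(LOGS):
        print(lineno, hits)
```
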