Cybersecurity Essentials:Cyber Threat Intelligence 101(2025)

Name: Cybersecurity Essentials:Cyber Threat Intelligence 101(2025)
Rating: 4.3 (213 reviews)

A practical, beginner-friendly guide to Cyber Threat Intelligence with real-world use cases.

Created byCyber talents 30,000+ Student Enrollments

Last updated 5/2025

English

What you'll learn

Understand the fundamentals of Cyber Threat Intelligence (CTI) and its importance in modern cybersecurity.
Explore the CTI lifecycle including direction, collection, processing, analysis, and dissemination.
Identify and differentiate between strategic, operational, tactical, and technical threat intelligence.
Learn to use top CTI tools like MISP, VirusTotal, and others to gather and analyze threat data.
Learn how to build and operationalize threat intelligence using Microsoft Sentinel, integrating CTI into a modern SOC environment.
Understand how CTI supports SOC operations, incident response, and proactive threat hunting.

Course content

6 sections • 36 lectures • 4h 56m total length

Course Overview – Cyber Threat Intelligence (CTI) 101: Beginner’s Guide4:21
Introduce the fundamentals of cyber threat intelligence, the five-stage lifecycle, and four types, then apply concepts in hands-on labs using Microsoft Sentinel and MISP.
Getting Started with Cyber Threat Intelligence (CTI)10:07
Cyber Threat Intelligence Made Simple: Real-World Analogies You’ll Remember7:01

Threat Intel Lifecycle 101: (1) Defining the Direction for Threat Intelligence4:30
Define the direction phase of threat intelligence by planning hospital-specific objectives, identifying ransomware and PHI risks, and outlining IOCs, phishing domain monitoring, and HIPAA considerations.
Threat Intel Lifecycle 101: (2) Collection Essentials2:01
During the collection phase, gather raw threat data from open source intelligence, commercial feeds, private sharing groups, and internal logs, consolidating IOCs and TTPs for analysis.
Threat intel Lifecycle 101 (3): Processing Threat Data for Actionable Insight1:53
Threat intel Lifecycle 101 : (4) Analyzing Data to Uncover Threats3:57
Analyze the data in the analysis phase by correlating CSV IOCs with SIEM logs, running queries to detect ransomware like Conti, triggering threat intel rules, and blocking detected IOCs.
Threat intel Lifecycle 101 (5): Disseminating Intelligence for Action2:22

Understanding Strategic Threat Intelligence (CTI 101)5:52
Tactical Threat Intelligence: Actionable Security Data5:35
Unveiling Operational Threat Intelligence4:23
Explore operational threat intelligence guiding hospital defenses against a live phishing campaign, including IOCs, domains, and TTPs. See practical actions: analytics rules, email blocks, and endpoint isolation.
Deep Dive into Technical Threat Intelligence4:48

Hands-On Lab: Setting Up Your Microsoft Azure Account from Scratch12:38
Set up an azure free account, complete email verification and otp, and start a free trial in the azure portal. Learn to create virtual machines, storage, and sql databases.
Hands-On Lab: Creating and Managing Resource Groups in Microsoft Azure2:05
Hands-On Lab: Setting Up a Log Analytics Workspace in Microsoft Azure3:31
Lab: Setting Up Microsoft Sentinel in Azure3:43
Lab: Introduction to Content Hub in Microsoft Sentinel6:14
Hands-On Lab: Integration of Threat Intelligence into Microsoft Sentinel18:53
Manually Adding Indicators of Compromise (IOCs) in Microsoft Sentinel22:56
Hans-On Lab: Feeding Sentinel with Microsoft Defender Threat Intelligence22:56
Add IOCs to Microsoft Sentinel threat intel using the threat intel blade, creating IPv4 indicators and URLs, mapping to MITRE kill chains and validating via logs.

IOCs vs IOAs: Understanding the Indicators That Matter3:21
Tactics, Techniques & Procedures (TTPs): The DNA of Cyber Attacks3:30
MITRE ATT&CK (Part-2) A Framework Every Analyst Should Know26:33
Explore the Mitre attack framework from reconnaissance to exfiltration, highlighting initial access, execution with PowerShell, persistence via registry run keys, discovery, lateral movement, and command and control.
Cyber Kill Chain 101: Anatomy of a Cyberattack7:01
Cyber Kill Chain 101: Reconnaissance – The Attacker’s First Move7:35
Cyber Kill Chain 101: Weaponization – Crafting the Payload6:54
Cyber Kill Chain 101: Delivery – Getting the Payload to the Target9:27
Explore how attackers deliver malware via phishing emails, fake websites, drive-by downloads, and infected USB drives, weaponizing exploits and payloads to target organizations; strengthen defenses with verification and security awareness.
Cyber Kill Chain 101: Exploitation – Breaking Into the System6:42
Cyber Kill Chain 101: Installation – Gaining a Foothold on the Target4:57
Cyber Kill Chain 101: Command & Control – Taking Remote Access5:12
Explains how attackers use a command and control server to issue commands to infected machines, steal data, and spread malware, while encrypting traffic to hide communications and avoid detection.
Cyber Kill Chain 101: Final Phase – Executing the Attacker’s Mission9:54

Requirements

Willingness to learn and explore real-world cyber threats and intelligence tools.

Description

Are you ready to dive into the world of Cyber Threat Intelligence (CTI) and build job-ready skills in one of the most in-demand areas of cybersecurity?

This beginner-friendly course is designed to give you a clear, hands-on understanding of how Cyber Threat Intelligence works, how it supports Security Operations Centers (SOCs), and how you can start using real-world tools and platforms like Microsoft Sentinel and MISP to collect, process, and act on threat data. You’ll also gain insights into TTPs (Tactics, Techniques, and Procedures) used by adversaries and how CTI helps detect and defend against them.

What You’ll Learn:

Section 1: Introduction to CTI

Understand what CTI is and why it’s critical to modern cybersecurity.
Learn through real-world analogies that make complex topics easy to grasp.

Section 2: CTI Lifecycle Explained

Follow the CTI lifecycle: Direction, Collection, Processing, Analysis, and Dissemination.
Learn how each phase supports threat detection and enables a proactive defense strategy.

Section 3: Types of Threat Intelligence

Dive into the four core types: Strategic, Tactical, Operational, and Technical intelligence.
Understand how to apply them based on organizational needs and threat landscapes.

Section 4: Labs – Threat Intelligence in Microsoft Sentinel

Set up your Microsoft Azure environment and deploy Microsoft Sentinel.
Configure Log Analytics, explore the Content Hub, and integrate threat intelligence feeds including TTPs and IOCs.
Learn how to operationalize CTI in a cloud-native SOC platform.

Section 5: Tools Every Analyst Should Know

Explore the top 5 threat intelligence tools, including MISP for threat sharing and enrichment.
See how these tools help track, analyze, and defend against real-world attacks using known TTPs.

Who this course is for:

Beginners who are curious about cybersecurity and want to understand how threat intelligence works.
Students or recent graduates aiming to enter the cybersecurity field.
IT professionals looking to pivot into threat intelligence or enhance their security knowledge.
SOC analysts or blue teamers seeking to build a foundation in CTI and integrate Microsoft Sentinel.

Cybersecurity Essentials:Cyber Threat Intelligence 101(2025)

What you'll learn

Explore related topics

Course content

Introduction to Cyber Threat Intelligence3 lectures • 21min

Cyber Threat Intelligence (CTI) Lifecycle Explained5 lectures • 15min

Exploring the Different Types of Threat Intelligence4 lectures • 21min

Threat Intelligence Labs with Microsoft Sentinel8 lectures • 1hr 33min

Core Concepts in CTI: Indicators, Tactics & Attack Models"11 lectures • 1hr 31min

Getting Started with Threat Intelligence Tools5 lectures • 55min

Requirements

Description

Who this course is for: