CAF – C1.f Interpreting User, System and Threat Intelligence
This article provides additional information on how you can meet the requirement for the CAF control – C1.f Interpreting User, System and Threat Intelligence.
Using Threat Intelligence to Support Monitoring
- A structured approach should be used to incorporate threat intelligence and behavioural understanding into security monitoring.
- This helps ensure that emerging threats, new attack techniques and behavioural anomalies are identified and acted upon effectively.
Collecting Threat Intelligence
- Threat intelligence should be gathered from trusted external sources, for example:
  - BleepingComputer
  - NCSC
  - CISA
- Treat news reporting (such as BleepingComputer) as a prompt to locate the vendor, NCSC or CISA advisory it refers to, rather than as the authoritative record of an issue.
- The security team should analyse intelligence received, assessing its relevance (whether it affects technologies, suppliers or exposures the organisation actually has) and the associated risk to the organisation and its environments.
Distributing and Acting on Intelligence
- Threat intelligence should feed directly into internal communication channels (e.g. Teams or Slack), with enough context (affected product, severity, recommended action) for the reader to triage it.
- Designated staff or teams should be responsible for monitoring this information.
- Where appropriate, they should raise support or incident tickets so that required action (patching, blocking indicators, adding or tuning detections) can be taken promptly.
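The collect, assess, distribute and ticket steps above can be automated as a small triage pipeline. The following is an added example written for this article, not code from the CAF guidance or any vendor: it scores constructed advisory items against a constructed asset inventory, merges duplicate reports of the same issue arriving from different sources, and maps each distinct issue to a chat channel and, where a response is needed, a ticket. All product names, vendor references, channel and queue names are made up, and the severity/exposure-to-priority rules are an assumed local policy.

```python
"""Triage incoming threat-intelligence items against an asset inventory.

Added example (not from the CAF guidance). Every advisory, product, channel
and queue name below is constructed; the priority rules are an assumed policy.
"""
from __future__ import annotations
from dataclasses import dataclass

SEVERITY_RANK = {"low": 1, "medium": 2, "high": 3, "critical": 4}


@dataclass
class Advisory:
    source: str            # e.g. NCSC, CISA, a news site
    ref: str               # the source's own reference (constructed)
    title: str
    affected: list[str]    # products as named by the source
    severity: str          # low / medium / high / critical
    vendor_ref: str | None = None   # vendor/advisory ID cited by the source
    exploited_in_wild: bool = False


# Constructed inventory: product -> exposure and owning team.
INVENTORY = {
    "example vpn appliance": {"internet_facing": True, "owner": "network"},
    "example hr portal": {"internet_facing": False, "owner": "apps"},
}


def normalise(name: str) -> str:
    """Case- and whitespace-insensitive product key for inventory lookups."""
    return " ".join(name.lower().split())


def rank(severity: str) -> int:
    return SEVERITY_RANK.get(severity.lower(), 0)


def merge(a: Advisory, b: Advisory) -> Advisory:
    """Combine two reports of one issue: keep the higher severity, union the
    affected products, and escalate if either source says it is exploited."""
    keep = a if rank(a.severity) >= rank(b.severity) else b
    return Advisory(
        source=f"{a.source}, {b.source}", ref=keep.ref, title=keep.title,
        affected=sorted(set(a.affected) | set(b.affected)),
        severity=keep.severity, vendor_ref=keep.vendor_ref,
        exploited_in_wild=a.exploited_in_wild or b.exploited_in_wild,
    )


def assess(adv: Advisory) -> dict:
    """Assumed policy: P1 if exploited in the wild or high/critical on an
    internet-facing asset; P2 for other high/critical matches; P3 for lesser
    matches; not relevant if nothing in the inventory is affected."""
    hits = [normalise(p) for p in adv.affected if normalise(p) in INVENTORY]
    if not hits:
        return {"ref": adv.ref, "relevant": False, "priority": None, "owners": []}
    exposed = any(INVENTORY[h]["internet_facing"] for h in hits)
    r = rank(adv.severity)
    if adv.exploited_in_wild or (exposed and r >= 3):
        priority = "P1"
    elif r >= 3:
        priority = "P2"
    else:
        priority = "P3"
    owners = sorted({INVENTORY[h]["owner"] for h in hits})
    return {"ref": adv.ref, "relevant": True, "priority": priority, "owners": owners}


def route(assessment: dict) -> dict:
    """Everything goes to a chat channel; relevant items also get a ticket.
    Channel and queue names are assumptions."""
    if not assessment["relevant"]:
        return {"notify": "#threat-intel-feed", "ticket": None}
    urgent = assessment["priority"] == "P1"
    return {
        "notify": "#soc-urgent" if urgent else "#threat-intel-feed",
        "ticket": {"queue": "SOC", "priority": assessment["priority"],
                   "assignees": assessment["owners"]},
    }


def triage(advisories: list[Advisory]) -> list[dict]:
    """Dedupe on vendor reference (fallback: source + ref), then assess and
    route each distinct issue. Input order is preserved."""
    merged: dict[str, Advisory] = {}
    for adv in advisories:
        key = adv.vendor_ref or f"{adv.source}:{adv.ref}"
        merged[key] = merge(merged[key], adv) if key in merged else adv
    out = []
    for adv in merged.values():
        a = assess(adv)
        out.append({**a, **route(a), "source": adv.source, "title": adv.title})
    return out


# Constructed sample feed: the first two items are the same issue reported by
# two sources with differing severity and exploitation detail.
SAMPLE_FEED = [
    Advisory("BleepingComputer", "bc-1", "Example VPN Appliance flaw exploited",
             ["Example VPN Appliance"], "high",
             vendor_ref="VENDOR-ADV-0001", exploited_in_wild=True),
    Advisory("CISA", "cisa-1", "Vendor fixes Example VPN Appliance flaw",
             ["Example VPN Appliance"], "critical", vendor_ref="VENDOR-ADV-0001"),
    Advisory("NCSC", "ncsc-1", "Issue in Example HR Portal",
             ["Example HR Portal"], "medium", vendor_ref="VENDOR-ADV-0002"),
    Advisory("NCSC", "ncsc-2", "Critical issue in Unrelated Product",
             ["Unrelated Product"], "critical", vendor_ref="VENDOR-ADV-0003"),
]

if __name__ == "__main__":
    for item in triage(SAMPLE_FEED):
        print(item["priority"], item["notify"], item["ticket"], "-", item["title"])
```

Two design points are worth noting. Deduplicating on the vendor or advisory reference, rather than on the source's own item ID, is what stops the same issue raising three tickets when NCSC, CISA and a news site all cover it; merging rather than discarding the later report keeps the "exploited in the wild" detail that one source may carry and another omit. Relevance is decided by an inventory lookup, so the inventory has to be maintained for the triage to stay accurate.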
Supporting Effective Monitoring
- Using threat intelligence in this way helps ensure monitoring processes remain aligned with real-world threats and strengthens the organisation’s ability to detect and respond to malicious activity.