Open Source Intelligence (OSINT)

Open source intelligence (OSINT) is data that is publicly available online and free to use inside your organization. This data is often produced by individuals or companies and is either given away in the form of marketing material or shared amongst other companies as a source of goodwill for defenders. While great content can easily be found online, it may not be a full replacement for paid intelligence services. Some OSINT may draw incorrect conclusions or could be missing significant analysis, so any data collected should be processed before it is applied within your organization.

What to Look For

 

  • Provides additional context to indicators that may be linked to your original query
  • Aids analysts in discovering a larger narrative around the threat
  • Could help an analyst find malware or other artifacts
  • Shows third-party perspectives and could be used to begin a conversation with another organization

Questions to Ask

 

  1. How does the indicator I am interested in relate to the OSINT?
  2. Are the OSINT claims backed up using data?
  3. Is the OSINT provided by an individual, trusted group or larger organization?
  4. Does there appear to be any misleading material in the OSINT?