In the CTI Lifecycle, which phase involves gathering raw data?

In the Cyber Threat Intelligence (CTI) Lifecycle, the phase that involves gathering raw data is the Collection phase. This phase is critical as it lays the foundation for all subsequent steps in the intelligence process. During the Collection phase, threat data is actively gathered from various sources, which can include both external and internal data feeds, open-source intelligence, human sources, and other types of information.

This raw data can come in various formats and may include logs, network traffic data, threat reports, or any other relevant information that could contribute to understanding the threat landscape. The key purpose of this phase is to accumulate as much raw information as possible before it is processed, analyzed, and transformed into actionable intelligence.

Subsequent phases, such as Processing, involve refining and organizing the collected data, while Dissemination involves sharing the refined intelligence with stakeholders. Each phase plays a distinct role in the overall lifecycle, but the Collection phase is specifically focused on sourcing the raw data that fuels the entire process.