# Threat Intelligence Use Cases and Examples


Threat intelligence provides organizations with valuable information about potential cyberthreats and vulnerabilities. The ability to survey the entire threat landscape is essential, requiring organizations to prioritize threat intelligence.

Threat intelligence use cases encompass a wide range of activities and strategies aimed at identifying, mitigating, and responding to cyberthreats. The specific use cases that are most relevant to an organization depend on its industry, size, and unique cybersecurity needs.

As a rule, the more an organization relies on applications, digital tools, and technology-driven workflows for its business operations, the more use cases it identifies for threat intelligence.

## What Are the 4 Types of Threat Intelligence?

Understanding the various types of threat intelligence is a cornerstone of effective cybersecurity. The landscape of cyberthreats is complex and dynamic, demanding a nuanced approach to defense. In this exploration, the focus is on the different categories of threat intelligence (tactical, operational, strategic, and technical), each serving a distinct purpose.

These types are dissected to reveal their unique roles in helping organizations anticipate, identify, and respond to cyberthreats, providing a comprehensive view of how they collectively fortify cybersecurity measures.

### Strategic Threat Intelligence

Strategic threat intelligence refers to the broad analysis of the cyberthreat landscape with an emphasis on long-term trends. Its core purpose is to inform decision-makers about the overarching cyber risks that could impact an organization's future. Strategic threat intelligence is the starting point of an enterprise-wide cybersecurity intelligence program.

Unlike its more immediate counterparts, strategic intelligence deals less with the technical specifics of daily threats and more with the analysis of potential future risks, emerging threat patterns, geopolitical developments, and the implications of new technologies and laws on cybersecurity.

### Tactical Threat Intelligence

Tactical threat intelligence provides detailed information on the tactics, techniques, and procedures (TTPs) employed by cyberthreat actors. Its purpose is to give IT security teams the insights formed from comprehensive data collection to strengthen defenses and respond to threats in real time. Tactical intelligence often includes specifics such as malware signatures, indicators of compromise (IoCs), and analysis of threat actor behavior.

This type of intelligence focuses on the current methods attackers use, offering insights into the latest cyberthreats. Security teams use this information to update firewalls, enhance security protocols, and train personnel to recognize and mitigate these risks. Tactical intelligence keeps pace with the rapidly changing threat landscape, enabling security measures to be as current as possible.

### Operational Threat Intelligence

Operational threat intelligence pertains to the specifics of individual cyberthreats and campaigns.
It provides insights into the motivations, targets, and methods of attackers, often in real time. Operational intelligence is integral to [incident response](https://www.paloaltonetworks.com/cyberpedia/what-is-incident-response?ts=markdown) teams that need to understand the context of an attack to effectively counteract it.

### Technical Threat Intelligence

Technical threat intelligence allows teams to conduct proactive [threat hunting](https://www.paloaltonetworks.com/cyberpedia/threat-hunting?ts=markdown), analyze security incidents in depth, and locate forensic evidence to help defend against and mitigate the impact of [cyberattacks](https://www.paloaltonetworks.com/cyberpedia/what-is-a-cyber-attack?ts=markdown). Technical threat intelligence also provides a foundation for enhancing security measures, keeping systems updated against known threats, and improving an organization's resilience.

## Top 4 Use Cases for a Threat Intel Platform (TIP)

The primary goal of a [threat intelligence platform (TIP)](https://www.paloaltonetworks.com/cyberpedia/what-is-a-threat-intelligence-platform?ts=markdown) is to help organizations proactively defend against cyberthreats by providing timely and relevant information about the intent and capabilities of relevant threat actors. The platform plays an important role in cybersecurity strategy, enabling organizations to enhance their threat detection, response, and mitigation capabilities.

You'll encounter many use cases where cybersecurity threat intelligence plays a pivotal role in the digital health of an organization, its people, and its assets. These use cases fall into several broad categories, including:

1. Threat identification
2. Threat prevention
3. Threat remediation

### 1. Incident Enrichment Using Threat Intel Data

**Problem:** Most tools that [security operations centers (SOC)](https://www.paloaltonetworks.com/cortex/cortex-xsoar?ts=markdown) and [incident response (IR)](https://www.paloaltonetworks.com/unit42/respond/incident-response?ts=markdown) teams use to respond to alerts are very generic. There is not much correlation between network data and an understanding of threats and attacker movements. Often there is a dump of information, including bad IP addresses or domains, and someone has to be assigned to resolve them and weed out false positives manually. In addition, there is a lack of understanding of malware families, hacking tools, and their patterns of attack. The process is cumbersome, time-consuming, and impractical, all the more so in the present security scenario, where hundreds, if not thousands, of indicators are collected daily.

**Solution:** Accelerating incident response with a TIP and alert enrichment using threat intelligence (TI) data. The incident enrichment workflow in Cortex XSOAR Threat Intelligence Management (TIM) leverages TI from its own high-fidelity centralized threat intelligence library and [research data from Unit 42](https://www.paloaltonetworks.com/unit42?ts=markdown)® to learn more about:

* Known malware campaigns or families
* IPs and domains with WHOIS data
* Passive DNS data
* Web categorization data

The video below provides you with a glimpse into our [next release, TIM 3.0](https://bcove.video/3osxGYr), and explores the enhancements and capabilities listed above, including how they can assist you in responding to incidents with confidence.

![Incident Enrichment Using Threat Intelligence](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/cyberpedia/cortex-video.jpg)

### 2. Proactive Blocking of Threats

**Problem:** The security team needs to leverage TI to block or alert on indicators of compromise (IoCs) such as known bad domains, IPs, and hashes, using detection and response tools and techniques. The indicators are collected from many different sources and need to be normalized, scored, and analyzed before the customer can push them to security devices such as a [SIEM](https://www.paloaltonetworks.com/cyberpedia/what-is-siem) and firewall for alerting. Detection tools can only handle limited amounts of TI data and must constantly reprioritize indicators.

**Solution:** Proactive threat monitoring with playbook-driven automation. With indicator prioritization, you can ingest alerts from email inboxes through integrations. Once an alert is ingested, a playbook is triggered and can run any combination of automated or manual actions that users desire. The playbooks can have filters and conditions that execute different branches depending on certain values.

Here is a [demo](https://bcove.video/3kulRzS) of how TIM works with proactive blocking of threats.

### 3. Intelligence Reporting and Distribution

**Problem:** TI programs have a growing set of responsibilities. One key responsibility is producing and disseminating TI reports that keep employees updated on the latest threats targeting their industry. Most intelligence is still shared via unstructured formats such as email and blogs. Sharing information about IoCs isn't enough. Additional context is required for the shared intelligence to have value.
Analysts go through hours of manual work to create reports by performing the following activities:

* Aggregating and digging for news of known malware families
* Curating news and threats related to the company or its industry vertical
* Describing why the stories are relevant to the company

The analysts then need to send this report to a large audience to raise security awareness and alert other stakeholders so they can make better-informed decisions in the future.

**Solution:** Workflows and a central repository for intelligence analysts to create, collaborate on, and share finished intelligence products with stakeholders via PDF reports. Intel analysts will be able to understand trends within TI using their local/curated intel and Unit 42 Threat Intelligence.

![Intelligence Reporting and Distribution](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/cyberpedia/intelligence-reporting-and-distribution-thumbnail.jpg)

### 4. External Threat Landscape Modeling

**Problem:** TI teams need to understand details of attacks and how their organization may be vulnerable. Understanding the risk and impact to an organization begins when threat analysts start profiling the attacks.

**Solution:** [Threat modeling](https://www.paloaltonetworks.com/cyberpedia/threat-modeling?ts=markdown) is employed to prevent or mitigate the impact of threats on the system. The threat intel team is responsible for constructing profiles of threat actors, determining the existence of related attacks, and identifying the techniques and tools used by the threat actor. Subsequently, this information is shared with key stakeholders, including the security operations and leadership teams.

Watch this [demo](https://bcove.video/3wUuRmV) to see how external threat landscape modeling is done in a real scenario.
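
The normalize, score, and reprioritize steps described under use case 2 (Proactive Blocking of Threats) can be sketched as follows. This is an added example, not Cortex XSOAR code: the feed names, confidence values, scoring model (noisy-OR of source confidence with a recency half-life), and never-block allowlist are assumptions, and all sample indicators are constructed.

```python
import ipaddress
import re
from datetime import date

# Constructed sample feeds. IPs are from documentation ranges, domains are
# reserved example names, and the hash is a made-up placeholder.
TODAY = date(2024, 5, 31)
FEEDS = {
    "vendor_feed": {"confidence": 0.9, "entries": [
        ("198.51.100.7", "2024-05-30"),
        ("hxxp://bad.example[.]com/login", "2024-05-28"),
        ("203.0.113.10", "2024-03-01"),
    ]},
    "open_feed": {"confidence": 0.5, "entries": [
        ("198.51.100.7 ", "2024-05-29"),      # same IP, trailing space
        ("BAD.example.com", "2024-05-20"),    # same domain, different case
        ("ab" * 32, "2024-05-31"),            # SHA-256-shaped placeholder
        ("10.0.0.5", "2024-05-30"),           # internal address: never block
        ("not an indicator", "2024-05-30"),   # junk row
    ]},
}

# Assumed allowlist of networks that must never reach a block list.
NEVER_BLOCK = [ipaddress.ip_network(n) for n in
               ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]
SHA256_RE = re.compile(r"^[0-9a-f]{64}$")
DOMAIN_RE = re.compile(r"^(?=.{4,253}$)(?:[a-z0-9-]{1,63}\.)+[a-z]{2,63}$")


def normalize(raw):
    """Return a canonical (type, value) pair, or None if the row is unusable."""
    value = raw.strip().lower().replace("[.]", ".").replace("hxxp", "http")
    value = re.sub(r"^https?://", "", value).split("/")[0]  # keep the host part
    try:
        ip = ipaddress.ip_address(value)
    except ValueError:
        ip = None
    if ip is not None:
        return None if any(ip in net for net in NEVER_BLOCK) else ("ip", str(ip))
    if SHA256_RE.match(value):
        return ("sha256", value)
    if DOMAIN_RE.match(value):
        return ("domain", value)
    return None


def prioritize(feeds, today, capacity, half_life_days=30):
    """Merge feeds, score each indicator, and split at the device capacity."""
    merged = {}
    for name, feed in feeds.items():
        for raw, seen in feed["entries"]:
            key = normalize(raw)
            if key is None:
                continue
            rec = merged.setdefault(key, {"sources": {}, "last_seen": date.min})
            rec["sources"][name] = feed["confidence"]
            rec["last_seen"] = max(rec["last_seen"], date.fromisoformat(seen))

    scored = []
    for (kind, value), rec in merged.items():
        # Assumed model: independent sources combine as a noisy-OR, and the
        # result halves for every half_life_days since the last sighting.
        miss = 1.0
        for conf in rec["sources"].values():
            miss *= 1.0 - conf
        age_days = max((today - rec["last_seen"]).days, 0)
        score = (1.0 - miss) * 0.5 ** (age_days / half_life_days)
        scored.append({"type": kind, "value": value, "score": round(score, 3),
                       "sources": sorted(rec["sources"])})
    scored.sort(key=lambda r: (-r["score"], r["value"]))
    return scored[:capacity], scored[capacity:]


if __name__ == "__main__":
    push, deferred = prioritize(FEEDS, TODAY, capacity=2)
    for row in push:
        print("PUSH ", row)
    for row in deferred:
        print("DEFER", row)
```

Rerunning `prioritize` as feeds update is what lets a capacity-limited device keep only the currently highest-scoring indicators; the deferred list remains available for alert-only use.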

Together, these use cases form the basis of a cyber threat intelligence framework that acts as a guideline for using various threat intelligence sources to spot potential cyber problems before they have a substantial impact. Threat intelligence use cases typically align with one or more of the types of threat intelligence.

## Specific Examples of Threat Intelligence Use Cases

![Threat Intelligence Use Cases Relevant to You](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/cyberpedia/threat-intelligence-use-cases.png "Threat Intelligence Use Cases Relevant to You")

## MITRE ATT&CK as a Threat Intelligence Use Case

[MITRE ATT&CK](https://www.paloaltonetworks.com/cyberpedia/what-is-mitre-attack?ts=markdown) (Adversarial Tactics, Techniques, and Common Knowledge) is a security framework threat hunters use. Organizations use MITRE ATT&CK to determine the tactics, techniques, and procedures (TTPs) used by cyber adversaries. TI teams and organizations can [use MITRE ATT&CK in various ways](https://www.paloaltonetworks.com/resources/research/2023-unit42-mitre-attack-recommendations?ts=markdown) to enhance their cybersecurity efforts.

Here are several ways MITRE ATT&CK can be used for TI:

* **Security Operations**: Security teams can use ATT&CK to match real-time events and behaviors to known attack patterns, enhancing detection and response capabilities.
* **Threat Hunting**: Threat hunters can leverage ATT&CK to search for new or previously undetected activities within an environment that align with known adversary behaviors.
* **Red Teaming/Adversary Emulation**: Teams can use ATT&CK to emulate an adversary's TTPs and test the effectiveness of security controls and incident response capabilities.
* **Gap Analysis**: ATT&CK can help organizations identify and prioritize the security gaps adversaries are most likely to exploit. It can show which tactics and techniques are not adequately covered by existing defenses.
* **Security Assessment and Engineering**: Engineers can use the ATT&CK framework to design and assess security architectures, ensuring that controls are in place to detect or mitigate specific adversary behaviors.
* **Incident Response**: Incident responders can use ATT&CK to categorize adversary behavior during an investigation, allowing them to determine the scope of an intrusion and develop effective remediation plans.
* **Threat Intelligence**: Analysts can compare external threat reports with the ATT&CK framework to understand adversaries' tactics and procedures and communicate about them using a common language.
* **Education and Training**: ATT&CK can serve as a training guide for new cybersecurity professionals to understand common adversary behaviors and the lifecycle of cyberattacks.
* **Behavioral Analytics Development**: Security teams can develop new analytics based on ATT&CK to detect adversarial behavior across different stages of the attack lifecycle.
* **Risk Assessment**: Risk management teams can use ATT&CK to better understand the risks associated with specific adversary behaviors and develop strategies to mitigate those risks.

Using MITRE ATT&CK involves integrating the framework into various cybersecurity practices to improve understanding, detection, and prevention of cyber threats. MITRE ATT&CK helps organizations understand who is targeting them and their industry, allowing for more informed threat response and proactive defense measures. It can also aid in sharing TI with the broader cybersecurity community.

While MITRE ATT&CK provides a valuable framework for understanding adversary behavior, it may not always lead to conclusive attribution on its own. Nonetheless, it's a critical tool for building a comprehensive understanding of the tactics and techniques used by threat actors, aiding in defense and response efforts.
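
The gap analysis and threat intelligence items above combine naturally: techniques cited in external threat reports are compared with the techniques that existing detections are tagged with. The following is an added example, not code from MITRE or Palo Alto Networks. The technique IDs and names are a small excerpt of ATT&CK Enterprise; the report contents, rule names, and the rule that a parent-level tag covers all of its sub-techniques are assumptions.

```python
from collections import Counter

# Excerpt of ATT&CK Enterprise techniques: ID -> (name, tactic).
TECHNIQUES = {
    "T1566": ("Phishing", "Initial Access"),
    "T1190": ("Exploit Public-Facing Application", "Initial Access"),
    "T1059": ("Command and Scripting Interpreter", "Execution"),
    "T1003": ("OS Credential Dumping", "Credential Access"),
    "T1021": ("Remote Services", "Lateral Movement"),
    "T1486": ("Data Encrypted for Impact", "Impact"),
}

# Constructed: techniques cited in threat reports relevant to the organization.
REPORTS = {
    "report-A": ["T1566.001", "T1059.001", "T1003.001", "T1486"],
    "report-B": ["T1190", "T1059", "T1021.001", "T1486"],
    "report-C": ["T1566.002", "T1003.001", "T1021.001"],
}

# Constructed: detection rules and the (sub-)techniques they are tagged with.
DETECTIONS = {
    "rule-mail-attachment": ["T1566.001"],
    "rule-powershell-encoded": ["T1059.001"],
    "rule-lsass-access": ["T1003.001"],
    "rule-ransom-rename-burst": ["T1486"],
}


def parent(tid):
    """T1059.001 -> T1059; a parent technique ID maps to itself."""
    return tid.split(".")[0]


def gap_analysis(reports, detections):
    """Return (gaps sorted by report count, per-tactic (covered, total))."""
    # Count each technique once per report that cites it.
    cited = Counter(t for techs in reports.values() for t in set(techs))
    covered = {t for techs in detections.values() for t in techs}
    gaps, coverage = [], {}
    for tid, n_reports in cited.items():
        name, tactic = TECHNIQUES.get(parent(tid), ("unknown", "Unmapped"))
        if tid in covered or parent(tid) in covered:
            # Assumption: a rule tagged with the parent covers its sub-techniques.
            status = "covered"
        elif "." not in tid and any(parent(c) == tid for c in covered):
            # Report cites the parent, rules exist only for some sub-techniques.
            status = "partial"
        else:
            status = "none"
        done, total = coverage.get(tactic, (0, 0))
        coverage[tactic] = (done + (status == "covered"), total + 1)
        if status != "covered":
            gaps.append({"id": tid, "name": name, "tactic": tactic,
                         "reports": n_reports, "status": status})
    # Most frequently reported gaps first, ties broken by technique ID.
    gaps.sort(key=lambda g: (-g["reports"], g["id"]))
    return gaps, coverage


if __name__ == "__main__":
    gaps, coverage = gap_analysis(REPORTS, DETECTIONS)
    for g in gaps:
        print(f'{g["id"]:<10} {g["tactic"]:<18} reports={g["reports"]} '
              f'coverage={g["status"]}')
    for tactic, (done, total) in sorted(coverage.items()):
        print(f"{tactic}: {done}/{total} cited techniques covered")
```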

## Threat Intelligence Use Cases FAQs

### Which members of an organization determine the best use cases for cyber threat intelligence?

The organization's CISO, CIO, or equivalent high-ranking cybersecurity leader typically makes that determination after consultation with professionals in their SOC team, security team, compliance/privacy/risk management group, or even line-of-business stakeholders.

### What is a good way to determine which use case should be utilized for TI?

First, start by talking to key business stakeholders around the organization; some important functions to consider are compliance, governance, customer management, financial operations, and engineering for intellectual property. Next, consider the technology-centric areas where security breaches can cause significant harm, such as an organization's SOC, NOC, critical infrastructure, and strategic applications portfolio. Finally, be sure to keep the board of directors involved so they understand the steps being taken to safeguard the organization's assets.

### Which metrics are essential to evaluate the effectiveness of TI in key use cases?

Any use case for threat intelligence should be quantitatively measurable. While goals for any given use case can vary over time, some key metrics include reducing MTTD and MTTR (mean time to detection and mean time to response), increasing the number of attacks prevented on different systems, or decreasing the number of times incidents have to be escalated to a higher level of action. It is also wise to ensure that a third-party TI service meets its contracted service-level agreement for availability and response.

Copyright © 2025 Palo Alto Networks. All Rights Reserved