From Threat Reports to Continuous Threat Intelligence: A Comparison of Attack Technique Extraction Methods from Textual Artifacts. (arXiv:2210.02601v1 [cs.CR])

The cyberthreat landscape is continuously evolving. Hence, continuous
monitoring and sharing of threat intelligence have become a priority for
organizations. Threat reports, published by cybersecurity vendors, contain
detailed descriptions of attack Tactics, Techniques, and Procedures (TTP)
written in an unstructured text format. Extracting TTP from these reports aids
cybersecurity practitioners and researchers learn and adapt to evolving attacks
and in planning threat mitigation. Researchers have proposed TTP extraction
methods in the literature, however, not all of these proposed methods are …

arxiv comparison continuous extraction intelligence reports threat intelligence