In today’s evolving cyber landscape, reactive security isn’t enough—organizations need a proactive, intelligence-driven defense to stay ahead of adversaries. The Certified Threat Intelligence Analyst (CTIA) course equips SOC teams, security engineers, and cyber threat intelligence (CTI) professionals with the practical skills and technical expertise to implement real-world threat intelligence strategies effectively.
This comprehensive, hands-on course covers threat intelligence gathering, operationalization, and automation, ensuring students build and deploy intelligence-driven detection rules across SIEMs, Snort, Elastic Security, MISP, and more.
With real-world labs, practical case studies, and deep technical insights, participants will master Sigma rule creation, OpenIOC structuring, STIX/TAXII automation, and custom scripting—empowering them to detect, analyze, and mitigate cyber threats before they strike.
Whether you’re building a new threat intelligence program or enhancing SOC operations, CTIA delivers the skills needed to turn intelligence into action.
Key takeaways
Upon completion you will know how to perform thorough threat analysis on any information system, and be able to accurately report on your findings.
By completing this course you will earn 40 CEUs.
Prerequisites
Suggested Prerequisites:
Or equivalent
Target audience
Modules:
Course Introduction
Module 1: Threat Intelligence Basics
Module 2: Security Analysis Basics
Module 3: Cyber Threats
Module 4: Threat Actors
Module 5: Cyber Threats & Malicious Actors Case Studies
Module 6: Threats Identification
Module 7: Implementing a Proactive Threat Intelligence Approach
Hands-On Labs:
Lab 1 – Setting up SIEM Environment
Section 1 – Set Up Elasticsearch
Lab 2 – Practical Threat Analysis
Section 1 – Static Analysis on WannaCry Threat
Section 2 – Dynamic Analysis on WannaCry Threat
Section 3 – Perform an Analysis on your own
Lab 3 – Hunting for Active Threats through Collected Logs
Section 1 – Hunting for Backdoors
Section 2 – Hunting for Intrusions
Section 3 – Threat Actor Profiling using MITRE ATT&CK
Lab 4 – Defensive Threat Intelligence Development
Section 1 – YARA Rules Usage, Development, and Improvement
Section 2 – Snort Rules Usage, Development, and Improvement
Lab 5 – Threat Intelligence Data Integration with SIEM
Section 1 – Implement Real-Time Threat Intelligence within SIEM
Lab 6 – Leveraging MISP for Threat Intelligence
Section 1 – Analyzing an Attack by adding an Event
Section 2 – Add an event based on actual attack
Section 3 – Decay and Warning Lists
Section 4 – MISP feeds
Lab 7 – OSINT Methodology to Identify Threats
Section 1 – Discovering Threats through Google Dorks OSINT
Section 2 – Discovering Threats through Social Media OSINT
Section 3 – Discovering Threats through Intelligence Sharing
Section 4 – Discovering Threats through Dark Web OSINT
Section 5 – Discovering Threats through Vulnerabilities Databases OSINT
Lab 8 – Exploitation, Analyzing, and Research
Section 1 – Exploitation and Analysis of SIEM Logs
Section 2 – Analyzing Exported SIEM logs
Section 3 – Researching OTX for threats affecting a specific industry
Lab 9 – Integrating Elastic and MISP
Section 1 – Manual Ingestion of MISP Events into Elastic
Section 2 – Visualize Threat Feeds in Elasticsearch
Section 3 – Ingesting MISP Events to Elastic Defender Rules
Section 4 – Automate IOC Ingestion into Elastic’s Detection Rules
Objective:
Upon completion, Certified Threat Intelligence Analyst course students will be ready to sit for the C)TIA exam.
The exam is taken online through Mile2’s Learning Management System and is accessible on your Mile2.com account. The exam will take approximately 2 hours and consist of 100 multiple-choice questions.
A minimum grade of 70% is required for certification.
Your exam is included in the course fee!
All Mile2 certifications will be awarded a 3-year expiration date.
There are two requirements to maintain Mile2 certification:
For SOC teams, CTI (threat intelligence) analysts, security engineers and security administrators, Microsoft and Active Directory administrators, and penetration testers – and anyone who wants to build a proactive, intelligence-driven defensive capability.
Recommended: approx. 12 months of experience with vulnerability testing, and Mile2 courses such as C)SP, C)IHE, C)PTE – or equivalent competence.
To gather, operationalize and automate threat intelligence: build detection rules in SIEM, Snort, Elastic Security and MISP; create Sigma rules and OpenIOC, and use STIX/TAXII and simple scripting. You also cover threats, actors, frameworks and cases (e.g. Stuxnet, WannaCry, Zerologon).
Completing the course earns 40 CEUs and prepares you for the C)TIA exam.
Delivered as a classroom course, live virtual, or in-house/customized. Duration: 4 days; the course is taught in English.
Yes – extensive hands-on labs: SIEM/Elastic setup, practical threat analysis (static/dynamic, including WannaCry), threat hunting in logs, development of YARA/Snort rules, integration of intel into SIEM, work in MISP (events/feeds/decay), OSINT (Google dorks, social media, dark web, vulnerability databases) and automated IOC ingestion into Elastic rules.
The course fee is 30,000 NOK, and the exam is included in the price.
You get access to Mile2's digital learning system, official course material, videos and exercises.
Yes – the course includes the Certified Threat Intelligence Analyst certification exam.
The exam lasts approx. 2 hours and consists of 100 multiple-choice questions.
The exam is taken online via Mile2's learning platform.
The certification is valid for 3 years. To keep it, you must:
Yes – the course is offered both as an in-person classroom course and as a live virtual course.
Yes – the course can be offered in-house and tailored to the organization's needs.
Yes – we offer in-house courses both in person and virtually.