350-701 · Question #31
What can be integrated with Cisco Threat Intelligence Director to provide information about security threats, which allows the SOC to proactively automate responses to those threats?
The correct answer is B. External Threat Feeds. External Threat Feeds (B) are the primary integration point for Cisco Threat Intelligence Director (TID) - they supply structured threat data (indicators of compromise, malicious IPs, domains, file hashes) that TID ingests, correlates, and acts on, enabling SOC teams to automate
Question
What can be integrated with Cisco Threat Intelligence Director to provide information about security threats, which allows the SOC to proactively automate responses to those threats?
Options
- ACisco Umbrella
- BExternal Threat Feeds
- CCisco Threat Grid
- DCisco Stealthwatch
How the community answered
(54 responses)- A2% (1)
- B94% (51)
- D4% (2)
Explanation
External Threat Feeds (B) are the primary integration point for Cisco Threat Intelligence Director (TID) - they supply structured threat data (indicators of compromise, malicious IPs, domains, file hashes) that TID ingests, correlates, and acts on, enabling SOC teams to automate policy-driven responses before threats materialize.
- Cisco Umbrella (A) is a DNS-layer security product that blocks threats at the DNS level; it doesn't feed threat intelligence into TID - it's a consumer of policy, not a data supplier.
- Cisco Threat Grid (C) performs malware analysis and sandboxing, and while it can enrich threat data, TID's core design is built around ingesting external STIX/TAXII-formatted threat feeds, not Threat Grid specifically.
- Cisco Stealthwatch (D) is a network traffic analysis and anomaly detection tool; it generates internal telemetry about your own network behavior rather than providing external threat intelligence to TID.
Memory tip: Think of TID as a funnel - External Threat Feeds are what you pour into it from the outside world (STIX/TAXII sources, ISACs, commercial feeds), while the other options (Umbrella, Stealthwatch, Threat Grid) are Cisco tools that operate within or alongside your environment rather than serving as intelligence suppliers to TID.
Topics
Community Discussion
No community discussion yet for this question.