Measuring and visualizing cyber threat intelligence quality
International Journal of Information Security (IF 3.2), Pub Date: 2020-03-02, DOI: 10.1007/s10207-020-00490-y
Daniel Schlette, Fabian Böhm, Marco Caselli, Günther Pernul

The very raison d’être of cyber threat intelligence (CTI) is to provide meaningful knowledge about cyber security threats. The exchange and collaborative generation of CTI by the means of sharing platforms has proven to be an important aspect of practical application. It is evident to infer that inaccurate, incomplete, or outdated threat intelligence is a major problem as only high-quality CTI can be helpful to detect and defend against cyber attacks. Additionally, while the amount of available CTI is increasing it is not warranted that quality remains unaffected. In conjunction with the increasing number of available CTI, it is thus in the best interest of every stakeholder to be aware of the quality of a CTI artifact. This allows for informed decisions and permits detailed analyses. Our work makes a twofold contribution to the challenge of assessing threat intelligence quality. We first propose a series of relevant quality dimensions and configure metrics to assess the respective dimensions in the context of CTI. In a second step, we showcase the extension of an existing CTI analysis tool to make the quality assessment transparent to security analysts. Furthermore, analysts’ subjective perceptions are, where necessary, included in the quality assessment concept.




Updated: 2020-03-02