A Comparative Study on Cyber Threat Intelligence: The Security Incident Response Perspective
IEEE Communications Surveys & Tutorials (IF 35.6), Pub Date: 2021-10-04, DOI: 10.1109/comst.2021.3117338
Daniel Schlette, Marco Caselli, Gunther Pernul

Cyber Threat Intelligence (CTI) is threat information intended for security purposes. However, use for incident response demands standardization. This study examines the broader security incident response perspective. Introducing 18 core concepts, we assist efforts to establish and assess current standardization approaches. We further provide the reader with a detailed analysis of 6 incident response formats. While we synthesize structural elements, we point to characteristics and show format deficiencies. Also, we describe how core concepts can be used to determine a suitable format for a given use case. Our surveys’ findings indicate a consistent focus on incident response actions within all formats. Besides, playbooks are used to represent procedures. Different use cases suggest that organizations can leverage and combine multiple formats. Finally, we discuss open research challenges to fully realize incident response potentials.

Updated: 2021-11-23