![[watchdog]: Inside a Mirai variant with six-layer persistence](/_astro/Mirai%20Botnet%20with%206%20layers%20of%20persistence%20Hero_Z2qvA8g.webp)
Cybersecurity Glossary
Key terms and concepts in threat intelligence, IP reputation, network security, and more.
I
IP Blocking
IP Blocking is a fundamental cybersecurity method used to control network access by filtering traffic based on IP addresses. While effective for preventing abuse and enforcing policies, it works best when combined with other security measures such as authentication, rate limiting, and behavioral analysis.
Learn more about IP BlockingIP Threat Intelligence
IP Threat Intelligence refers to actionable, context-enriched data about IP addresses (both IPv4 and IPv6) involved in malicious or suspicious activity. It enables security teams to detect, analyze, and respond to threats by identifying hostile infrastructure and understanding adversarial behavior across networks.
Learn more about IP Threat IntelligenceInternet Background Noise
Internet Background Noise refers to the continuous stream of widespread, automated, and unsolicited network traffic observed across public networks. It is generated by benign services (such as web crawlers and research scanners), misconfigured devices, opportunistic scripts, and both legitimate and malicious scanning activities.
Learn more about Internet Background NoiseN
Network Fingerprint
A network fingerprint is a set of observable characteristics derived from network traffic, protocol behavior, or system responses that uniquely identify a device, application, operating system, or network stack.
Learn more about Network FingerprintS
SIEM Noise
SIEM Noise refers to the aggregate volume of low-fidelity, redundant, or non-actionable telemetry and alerts generated within a Security Information and Event Management (SIEM) platform, typically as a result of high-volume log ingestion combined with suboptimal detection logic and limited contextual enrichment.
Learn more about SIEM NoiseT
Threat Intelligence Feeds
Threat intelligence feeds are continuously updated, machine-readable streams of data about known cyber threats - including malicious IP addresses, domains, file hashes, URLs, and vulnerability exploitation indicators - designed for automated ingestion by security tools like SIEMs, firewalls, and SOAR platforms.
Learn more about Threat Intelligence Feeds