Lab 1: DNS/IP Threat Intelligence Analysis
Lab Objective: IP Threat Intelligence Analysis
Why This Lab Matters:
Every day, cybersecurity analysts investigate suspicious IP addresses that could be attacking their organization. When an intrusion detection system alerts on unusual traffic, analysts must quickly determine: "Is this IP address dangerous or safe?" This lab teaches you the fundamental skill of threat intelligence analysis.
Real-World Application:
Security Operations Centers (SOCs) use threat intelligence platforms like VirusTotal, IBM X-Force, and ThreatConnect to analyze millions of IP addresses daily. This lab simulates the core workflow: loading IP addresses from security alerts, querying threat databases, and generating actionable intelligence reports.
Skills You'll Learn:
- Threat Intelligence Processing: How to analyze IP reputation data and threat indicators
- Data Analysis: Processing JSON threat data from security feeds
- Risk Assessment: Distinguishing between malicious, suspicious, and clean IP addresses
- Incident Response: Generating reports that security teams can act on immediately
Available Data Files
- sample_ips.txt: Contains IP addresses to analyze
- vt_response.json: Mock VirusTotal API responses
Tasks to Complete
- Type every line of code exactly as shown in the template
- Understand how threat intelligence analysis works in practice
- Run your code to generate a real security report
Interactive Typing Lab - IP Threat Analysis
Type each line exactly as shown. Press Enter after each line to continue. For empty lines, just press Enter.
Expected Output Format
THREAT INTELLIGENCE ANALYSIS REPORT
=====================================
EXECUTIVE SUMMARY:
Total IPs Analyzed: 10
Malicious IPs: 2
Clean IPs: 6
DETAILED FINDINGS:
IP: 185.220.100.252
Reputation: malicious
Location: Frankfurt, DE
ASN: AS16276 OVH SAS
Threat Labels: trojan, botnet, c2
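The workflow this lab describes (load IPs, look them up in a mock feed, build the report) can be sketched as follows. This is an added example, not the lab's template: the flat JSON schema, the sample data, and the extra "Unknown IPs" and "Internal IPs" summary lines are assumptions made here so that an IP missing from the feed is never counted as clean.

```python
import ipaddress
import json
from collections import Counter

# Constructed sample data (documentation-range IPs, not real indicators).
# The flat JSON schema is an assumption; the lab's vt_response.json may differ.
SAMPLE_IPS = "192.0.2.10\n198.51.100.7\n\nnot-an-ip\n203.0.113.5\n10.0.0.8\n192.0.2.10\n"
SAMPLE_FEED = json.dumps({
    "192.0.2.10": {"reputation": "malicious", "location": "Frankfurt, DE",
                   "asn": "AS64500 Example Hosting", "threat_labels": ["botnet", "c2"]},
    "198.51.100.7": {"reputation": "clean", "location": "Austin, US",
                     "asn": "AS64501 Example ISP", "threat_labels": []}})
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def load_ips(text):
    """Return (unique valid IPs in input order, rejected lines)."""
    valid, rejected = {}, []
    for line in filter(None, (raw.strip() for raw in text.splitlines())):
        try:
            valid[str(ipaddress.ip_address(line))] = None  # dict keeps order, drops repeats
        except ValueError:
            rejected.append(line)  # surface bad input instead of dropping it
    return list(valid), rejected

def classify(ip, feed):
    """Look up one IP; a missing record is 'unknown', never 'clean'."""
    if any(ipaddress.ip_address(ip) in net for net in RFC1918):
        return {"reputation": "internal"}  # a public feed has no view of these
    return feed.get(ip, {"reputation": "unknown"})

def build_report(ip_text, feed_text):
    """Return (report text, reputation counts, rejected input lines)."""
    ips, rejected = load_ips(ip_text)
    feed = json.loads(feed_text)
    results = {ip: classify(ip, feed) for ip in ips}
    counts = Counter(r["reputation"] for r in results.values())
    lines = ["THREAT INTELLIGENCE ANALYSIS REPORT", "=" * 37, "EXECUTIVE SUMMARY:",
             f"Total IPs Analyzed: {len(ips)}", f"Malicious IPs: {counts['malicious']}",
             f"Clean IPs: {counts['clean']}", f"Unknown IPs: {counts['unknown']}",
             f"Internal IPs: {counts['internal']}", "DETAILED FINDINGS:"]
    for ip, r in results.items():
        if r["reputation"] == "malicious":
            lines += [f"IP: {ip}", f"Reputation: {r['reputation']}",
                      f"Location: {r.get('location', 'n/a')}", f"ASN: {r.get('asn', 'n/a')}",
                      f"Threat Labels: {', '.join(r.get('threat_labels', []))}"]
    return "\n".join(lines), counts, rejected

if __name__ == "__main__":
    print(build_report(SAMPLE_IPS, SAMPLE_FEED)[0])
```

To run it against the lab files, pass the contents of sample_ips.txt and vt_response.json to build_report after adjusting classify to the actual JSON layout.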