Fig. 3From: TIM: threat context-enhanced TTP intelligence mining on unstructured threat dataThreat Context Enhanced TTPs Intelligence Mining Framework (TIM). The whole workflow starts with the crawling module. Via preprocessing, feature embedding, TTP classification (TCENet), and intelligence&detection rule generation modules, we finally obtain TTP intelligence in STIX 2.1 format and Sigma detection rules. We use these TTP intelligence and detection rule for intelligence sharing and defenseBack to article page