Journal Article
Unknown
Orchestrating Cyber Threat Intelligence using T-Pot and MITRE ATT&CK: From Cyber Attack Data Collection to Advanced Insights
Authors
Author Affiliations
New York Institute of Technology, Ahsanullah University of Science and Technology
Year
2025
Abstract
Organizations are facing rising cyberattacks, often without prior defenses, leaving critical infrastructure exposed. This study presents a structured proactive approach to identify possible cyber threats by investigating cyber threat intelligence, deploying high-interaction honeypots to attract and analyze the nature of the attacks. In this proposed study, we have tailored the deployment for IoT and SCADA systems, integrated with Security Onion for threat intelligence and the MITRE ATT&CK framework for measured solutions. Unlike prior static honeypot setups, this cloud-based T-Pot environment enables real-time detection and profiling of attacker tactics, supporting dynamic threat modelling. The configuration reveals high-severity and high-volume threat patterns through live attack surface emulation. Combining honeypots, behavioral analysis, and structured threat mapping advances CTI methodologies and provides a practical framework for…