“…Examples of data sources [33] combine technical, human, and internal domains, and the knowledge could be both structured and unstructured [19,34]. This naturally raises concerns about the quality of CTI-based feeds: indeed, it is a topic of wide interest [35,36]; Tundis et al [37], for instance, investigated automated assessment of sources and computed a relevance score index to reduce the time needed to verify gathered intelligence. Another task on the same line is that of assessing and evaluating data made available from various sources: open (publicly available) CTI feeds, data from security vendors, industry reports on vulnerabilities, open-source intelligence (OSINT) reports [38], security data extracted from IDS or firewall, data from the security, information, and event management (SIEM) platform, incident response systems, and network traffic and flow logs, to mention a few.…”