This document discusses cyber threat intelligence and how it can be collected and produced. It defines intelligence as taking data and using knowledge and experience to determine what is factual and probable about past and future events, and communicating this information to decision makers. It provides examples of assessing the probability of threats based on known vulnerabilities and exploits. It also outlines various data sources that can be used to collect intelligence both within an organization and on the open internet. These include network flow data, endpoint monitoring, and searching open sources. It stresses the importance of knowing the motivations and techniques of different attackers in order to effectively defend an organization.