Intelligence Requirements

Overview

An Intelligence Requirement (IR) is a collection of topics or a research question reflecting an organization’s cyber threat–related priorities that guides a security or threat intelligence team’s research and analysis efforts. By establishing IRs, analysts can focus on investigating the things that matter most to their organization and stakeholders and spend less time sifting through various data sources for useful information.

In ThreatConnect^®, you can create an IR object with a logic-based keyword query that identifies information relevant to the IR. ThreatConnect will query the owners you have access to and the ThreatConnect Global Intelligence Dataset and retrieve Cases, Groups, Indicators, Tags, and Victims that match the query. These results are displayed on the IR’s Details screen, providing a central location where you can review the results and take an appropriate course of action for each one: associate the result to the IR object, archive the result, or mark the result as a false result.

In This Series

• Best Practices: Intelligence Requirements: Learn about what an IR is, the types and subtypes of IRs, and best practices to take when writing IRs for your organization.
• Best Practices: Keywords for Intelligence Requirements: Learn about how the IR keyword query logic works in ThreatConnect and best practices for building your IR keyword queries.
• Intelligence Requirement Categories: Learn how to view, create, and manage IR categories on the System Settings screen (System Administrators only).
• Creating Intelligence Requirements: Learn how to create and configure an IR and view its preliminary results.
• Viewing Intelligence Requirement Details: Learn how to view an IR’s Details screen, edit its keyword query, and view and manage its results.

ThreatConnect^® is a registered trademark, and CAL™ is a trademark, of ThreatConnect, Inc.

20159-01 v.02.A