Creating Intelligence Requirements 101

Listen to this Post

Are you having trouble creating your intelligence requirements? Fear not—this excellent YouTube playlist will help you get started! It covers how to use Intel471’s Cyber Underground General Intelligence Handbook (CU-GIRH) to take general intelligence and make it unique to your organization. This includes creating Priority Intelligence Requirements, assessing the feasibility of these requirements, and building a Collection Plan to ensure you can fulfill them.

👉 A great resource I recommend every cyber threat intelligence analyst tries out!

🔗 Intel471’s Cyber Underground General Intelligence Handbook (CU-GIRH)

You Should Know:

1. Creating Priority Intelligence Requirements (PIR):

  • Use the following template to define PIRs:
    PIR Template:</li>
    <li>Objective: [What is the goal?]</li>
    <li>Stakeholder: [Who needs this intelligence?]</li>
    <li>Intelligence Question: [What specific question needs answering?]</li>
    <li>Timeframe: [When is this intelligence needed?]</li>
    <li>Priority: [High/Medium/Low]
    
  • Example:
    </li>
    <li>Objective: Identify potential ransomware threats targeting the finance sector.</li>
    <li>Stakeholder: CISO</li>
    <li>Intelligence Question: What are the latest ransomware groups targeting financial institutions?</li>
    <li>Timeframe: Within the next 7 days.</li>
    <li>Priority: High
    

2. Assessing Feasibility:

  • Use the following command to gather threat intelligence data from open-source tools like `MISP` (Malware Information Sharing Platform):
    misp-cli search --type threat-actor --tags ransomware
    
  • This command searches for ransomware-related threat actors in your MISP instance.

3. Building a Collection Plan: