Intelligence Requirements

Overview & Challenge

An Intelligence Requirement (IR), a tool widely used within the cybersecurity industry, is a specific question or topic that guides threat intelligence analysts in their research and analysis efforts to help safeguard their organizations, e.g., “What ransomware variants are being used against US-based financial institutions?” IRs are typically based on a specific incident, geographical location, industry sector, technology, or ad-hoc request for information (RFI). An Intelligence Requirement feature needed to be created that would adequately meet the complex needs of an intelligence analyst.

Created while working at ThreatConnect

Details

Creation Process

Because Intelligence Requirements have such varied use cases, it had to be determined what would be included in the creation process of an IR. Based on previous customer requests, it was found that the creation process would need to be robust. The process would also include a keyword-based system to return relevant results, and the ability to review these results prior to finalization.

Working Within An Intelligence Requirement

To streamline the user's analysis of the returned results, the ability to act on the results had to be included. Each result listed its matching criteria and could be marked as a false positive, archived, or converted to an association. Keywords could also be edited, as could the requirement itself, retrieving new results as needed.

Reviewing with Customers & Planning Enhancements

Designs were reviewed with customers and feedback was collected. Low-effort changes were incorporated immediately, while larger suggestions were planned as future enhancements. After release, the adoption rate of the feature was high, and feedback was continually collected for future enhancements.