Threat Intelligence Report [Insert classification]
1 Introduction The purpose of this report is to present the findings of an analysis of threat intelligence with relevance to [Organization Name]. Reports are produced at three levels, with the following characteristics: LEVEL
DESCRIPTION
Strategic
Focused on the collection and analysis of high-level information regarding groups of attackers, their motivation, typical targets, types of attack and current levels of activity.
Tactical
Concerned with specific attackers or types of attackers and the tactics, techniques, and procedures (TTPs) that they are currently using to gain access to systems or otherwise pose a threat to our organization.
Operational
Relating to specific and potentially ongoing attacks, including indicators of compromise (IOCs) which may allow us to identify cases where we have suffered a breach.
Table 1: Threat intelligence levels
This document is classified as a strategic/tactical/operational [Delete as appropriate] level report and is produced on an adhoc/annual/monthly/weekly [Define report frequency] basis. The assessment contained within this report is based on an analysis of information collected from sources which are stated at Appendix A. These sources have been reviewed to assess their reliability, accuracy and completeness. This information has then been subject to analysis within [Organization Name] to identify specific intelligence which is actionable within our organization to reduce risk. We welcome feedback on the frequency, layout, contents and any other aspects of this report, which will be used to improve future reports. Feedback should be sent to [Give feedback contact details].
Version 1
Page 8 of 13
[Insert date]