How to Build a Cyber Threat Intelligence Collection Plan
Summary
Intelligence collection plans offer a methodical approach to tracking the data sources relevant to an organisation’s intelligence requirements, as well as daily tasks that facilitate the completion of these requirements.
Such plans are essential for moving from the planning stage to the collection stage of the threat intelligence lifecycle.
Key features of a collection plan include tracking relevant data sources and tasks, incorporating visualisations and frameworks to aid comprehension, facilitating collaboration among team members, and enabling agile alteration amidst evolving circumstances.
The following points elaborate on these key features:
• Track data sources: Cataloguing the breadth of data sources and employing file notes to record pertinent information is crucial for efficient intelligence gathering.
• Visualise intelligence: Mapping threat actors, their artefacts, and the observable behaviours they exhibit aids analyst comprehension and facilitates communication with non-technical stakeholders.
• Framework usage: Incorporating frameworks such as MITRE ATT&CK, a valuable resource for understanding and expressing adversary behaviours, enhances analysis and aids in anticipating and mitigating attacks.
• Collaborative efforts: Facilitating team collaboration through platforms like wikis or collaborative workspaces ensures a cohesive and shared understanding of the intelligence collection process.