Intelligence Requirements
Notice
This feature is available in Collaborate (CSAP) v3.7.4 onwards and is only available for Cyware cloud-based deployments
Intelligence Requirements (IRs) are information requests that help you gain insights into a particular subject over a specified period. IRs guide the collection, analysis, and dissemination of intelligence to support decision-making and threat detection within your organization.
How does it work?
As an analyst, you can review and publish an IR submitted by members and as well as create IRs in the Analyst Portal. After an IR is published, it is available in the IR Repo. Members can choose to follow IRs for which they want to view relevant information through alerts.
Members can access and view alerts based on automatic tag matching between the IR tags and alert tags. During the active period of the IR, members continue to view matched alerts, resulting in the enrichment of their knowledge and awareness about the topic.
Additionally, while creating alerts, you can manually associate published IRs with them. For more information, see Attach Intelligence Requirements.
What are the use cases of Intelligence Requirements?
IRs help you stay updated on the latest cyber threats and trends. This approach allows you to adjust your security strategies to address new challenges.
Intelligence gathered through IRs helps you leverage threat intelligence to strengthen your cybersecurity defenses, respond effectively to threats, and make informed decisions.
This feature helps you manage all your information requirements in a single place, which helps you keep track of and prioritize crucial insights.
You can use IRs to gain insights into newly discovered vulnerabilities in software, hardware, or network infrastructure. This enables you to assess exposure and mitigate risk.
What are the types of Intelligence Requirements?
General Intelligence Requirement (GIR): General Intelligence Requirement (GIR) refers to the information needs which are usually long-term and strategic in nature. GIRs are not specific to any particular threat or incident but are designed to cover a wide range of topics related to cybersecurity.
For example, a GIR might include the need for information about emerging cyber threats, industry-specific attack trends, the capabilities and intentions of known threat actors, or vulnerabilities commonly exploited by attackers.
Priority Intelligence Requirement (PIR): Priority Intelligence Requirement (PIR) is a subset of GIR that i particularly critical or time-sensitive. The identification of PIRs is driven by the current threat landscape, recent security incidents, ongoing attacks, or your organization's specific vulnerabilities. PIRs may change frequently as the threat environment evolves.
For example, you can raise a PIR for emerging advanced persistent threat (APT) groups' targeted cyber espionage activities against financial institutions.
Specific Intelligence Requirement (SIR): Specific Intelligence Requirement (SIR) is a tactical information need that is focused on addressing a particular threat, incident, or vulnerability. SIRs are more detailed and operational compared to GIR and PIR.
For example, if your organization is experiencing a series of targeted phishing attacks, you can publish an SIR to gather intelligence on the sender's tactics, techniques, and procedures (TTPs) to strengthen email security measures.