Cyware Situational Awareness Platform

Create an Intelligence Requirement

As an analyst, you can create an Intelligence Requirement (IR) to address specific cybersecurity challenges and potential threats.

Before you Start

Ensure you have View/Create permissions for Intelligence Requirements in Roles & Permissions.

Steps

To create an IR, do the following:

  1. Sign in to the Analyst Portal.

  2. Navigate to Intelligence Requirements from the sidebar, and click My IRs. You can view all the IRs that you have created here.

  3. Click Create IR in the upper-right corner. Use the following information while creating an IR:

    • Title: Enter the IR title. For example, Phishing Campaign Targeting Employee Email Accounts.

    • Description: Enter a detailed description for the IR.

    • TLP: Select the TLP associated with the IR. The default TLP is AMBER. For more information about TLPs, see TLP Controls.

    • IR Type: Select the IR type to define the scope and focus of the IR. The types are GIR, PIR, and SIR. The default IR Type is General Intelligence Requirement (GIR).

    • Priority: Select the priority of the IR. Options are High, Medium, and Low. The default priority is Medium.

    • Category: Select the IR category. The category helps classify the intelligence requirements into relevant domains. To learn more about configuring IR categories, see Add IR Categories.

    • Sub-category (optional): Select the sub-category associated with the previously selected IR category.

    • Tags: Enter the tags that are associated with the IR. Tags play an important role in IRs because members view alerts based on the tags that match the IR. Examples of tags are Phishing, Email Security, Social Engineering, and Data Breaches.

    • End Date: Enter the end date to close the IR. By default, the end date is set to three months from the day of publication. After the end date, members following the IR no longer view alerts corresponding to the IR. The minimum end date that you can set is 24 hours from the time of publishing.

    • Attachments (optional): Upload up to 10 files to give additional context to the IR. Each file can be up to 10 MB in size.

    Note

    To save an IR as a draft, ensure you have entered the title because it is a mandatory field. You can find all your drafted IRs in My IRs.

  4. Click Publish to create the IR. Published IRs appear in the IR Repo section, where members can choose to follow them.

Best Practices While Creating IRs

  • Create and publish IRs with clear and descriptive titles and descriptions that accurately convey the objective and scope of the IR. Be specific about what intelligence you are seeking to gather or the security challenge you are addressing.

  • Use relevant tags that accurately reflect the key aspects of the IR.

  • Review and evaluate the effectiveness of ongoing IRs and the related alerts to improve the process of creating and publishing IRs.

  • Verify and validate the information in the IR before you create or publish it, because the IR is published directly to the IR Repo and you can no longer delete it.

Add IR Categories

Categories and sub-categories organize and classify Intelligence Requirements (IRs) based on their relevant domains and provide contextual information. You can manage these categories by navigating to IR Settings in the upper-right corner.

By default, there are 10 IR categories such as Malware, Vulnerabilities, Data Breaches, Insider Threats, Mobile Security, and more. Additionally, each default category consists of 5 sub-categories. You can either use the default categories or add IR categories based on your preference. Use the following information while adding new categories and sub-categories:

  • Click Add Category to add a new IR category and corresponding sub-categories.

    Note

    You can add up to 20 active categories and sub-categories.

  • You cannot delete or inactivate a category or sub-category that is currently being used in ongoing IRs.

  • After adding categories, you can use them while creating IRs. Similarly, members can also use these categories while submitting IRs.