Intelligence Requirements
Notice
This feature is available in Collaborate (CSAP) v3.7.4 onwards and is only available for Cyware cloud-based deployments.
Currently, this feature is best supported in Light Mode.
Intelligence Requirements (IRs) are information requests that help you gain insight into a particular subject over a specified period of time. IRs guide the collection, analysis, and dissemination of intelligence to support decision-making, threat detection, and overall cybersecurity improvement within your organization.
How does it work?
As a member, you can submit IR requests when you need specific information about a particular subject. For example, if you want to know about the phishing threat attacks in the finance industry for the next 3 months, you can submit an IR to analysts. After the IR is published, you can view matched alerts for the IR. Within the specified time period of the IR, you continue to receive alerts based on your requirements.
You can also follow IRs published in the IR Repo. The IR Repo consists of all the published IRs that are submitted by other members and published by analysts as well as IRs directly published by analysts themselves. Additionally, if you have enabled the Daily IR Report in Profile Settings > Email Subscriptions, you will receive a daily report of alerts matched in the last 24 hours with the IRs you have followed. By default, this option is enabled for you.
What are the use cases of Intelligence Requirements?
IRs help you stay updated on the latest cyber threats and trends. This approach allows you to adjust your security strategies to address new challenges.
Intelligence gathered through IRs helps you leverage threat intelligence to strengthen your cybersecurity defenses, respond effectively to threats, and make informed decisions.
This feature helps you manage all your information requirements in a single place, which helps you keep track of and prioritize crucial insights.
You can use IRs to gain insights into newly discovered vulnerabilities in software, hardware, or network infrastructure. This enables you to assess exposure and mitigate risk.
What are the types of Intelligence Requirements?
General Intelligence Requirements (GIR): General Intelligence Requirements (GIR) refer to the information needs which are usually long-term and strategic in nature. GIRs are not specific to any particular threat or incident but are designed to cover a wide range of topics related to cybersecurity.
For example, a GIR might include the need for information about emerging cyber threats, industry-specific attack trends, the capabilities and intentions of known threat actors, or vulnerabilities commonly exploited by attackers.
Priority Intelligence Requirements (PIR): Priority Intelligence Requirements (PIR) are a subset of GIR that are particularly critical or time-sensitive. The identification of PIRs is driven by the current threat landscape, recent security incidents, ongoing attacks, or your organization's specific vulnerabilities. PIRs may change frequently as the threat environment evolves.
For example, you can submit a PIR for emerging advanced persistent threat (APT) groups' targeted cyber espionage activities against financial institutions.
Specific Intelligence Requirements (SIR): Specific Intelligence Requirements (SIR) are tactical information needs that are focused on addressing a particular threat, incident, or vulnerability. SIRs are more detailed and operational in nature compared to GIR and PIR.
For example, if your organization is experiencing a series of targeted phishing attacks, you can submit an SIR to gather intelligence on the sender's tactics, techniques, and procedures (TTPs) to strengthen email security measures.