Intelligence Requirements
Your Key Intelligence Questions
Intelligence Requirements are the long-standing questions that your stakeholders want answers to on an ongoing basis. These questions drive your intelligence program, and without them (or RFI’s), you are producing intelligence for the sake of producing intel.
On each IR page, you’ll see a Summary, which is the overall concept of the requirement, and will identify the thought or purpose behind the requirement.
In addition, you’ll find the Collection Requirements
which are the data sources you’ll need to use in order to satisfy the intelligence questions contained in the IR.
Alongside these, you’ll see the Essential Elements of Information
or EEI’s. Which are the specific, granular questions that this IR contains. These are the questions that you’ll seek to answer as a CTI shop.
You’ll find two sections for Related Reports
and for Related Threat Hunts
on the sidebar, which provide you links and information pertaining to these two areas. Typically you will be producing reports to answer the Intelligence Requirements, so we link those reports that are associated with this particular IR here. Similarly, you’ll conduct threat hunts to attempt and answer your questions contained in IR’s, and if the threat hunt is associated with this IR, they will be linked here for quick reference.
There are a few useful metrics that can be found on the dashboard page of the IR’s, with one being the “Number of Reports per IR”. This metric is useful for identifying which Intelligence Requirement has produced the most reporting, which can inform you of the IR’s worth prioritizing, as well as what data sources would need to be improved (since data sources are tied to IR’s, this is easy!).