Reports
Intelligence Reporting
Intelligence Reports produced in threatnote are one of the major deliverables used to communicate to your stakeholders about the threats and risks that impact them. These are usually generated in response to RFI’s, IR’s, or produced after conducting a threat hunt.
When creating reports, you’ll be able to choose from a variety of options for various metadata, including the intended audience, the industries impacted, the regions impacted, what tasking (IR or RFI) was this report generated in response to, and what ATT&CK TTP’s were observed in this report. This metadata is useful for stakeholders to filter down their reporting results to the ones that matter to their organization and requirements.
As you are writing these reports, you’re able to dynamically tag Indicators of Compromise (IOCs) using a hashtag, i.e. #192.168.1.1 or #www.google.com which automatically extract these indicators and places them in your IOC database. This enables quick and easy IOC management for content you produce.
Also to note when creating reports is the ability to use the Recommendation Library in the Recommendation section to automatically populate the recommendations with pre-canned responses. Typically there are standard mitigations or recommendations for certain activity, and to reduce analyst time, we offer the ability to click on a recommendation and have it automatically populate the recommendation section. Click on “Knowledge Management” > “Reports” > “Recommendation Library” to manage these recommendations.
To enable easier consumption of reports, we offer the ability to summarize the report content using AI. By clicking on the “Summarize with AI” button in the report, you’ll get a brief summary of the activity in the report, enabling quicker response to the details included in the report, saving time and effort.
By using the built-in report viewer, you’re able to expand on the MITRE ATT&CK TTP’s observed, along with their official recommendations, as well as having an appendix of all IOC’s found in the report. Additionally, you can export these reports to PDF and Word documents using the threatnote templates included in this product.
One of the most crucial elements of reporting is the feedback recieved from stakeholders on these reports, and by using the built-in report viewer, you can easily view the feedback from your consumers. This allows you to easily see what was missing, what went well, and any other details related to the report, right inside the platform.