Summary
Threat intelligence reporting is critical to ensure that the CTI program benefits the organization and that all relevant parties are aware of the threats and attacks the organization faces. Reporting must be tailored to the recipient's needs. As intelligence is created, it needs to be disseminated internally and externally – threat intelligence is a collaborative and interactive subject. Therefore, it is recommended that you join one or more sharing communities. However, you should assess the community you want to join based on factors such as support, maintenance, push and pull requests, cost, terms, and conditions.
This chapter looked at threat intelligence reporting, discussing the types of intelligence reports that a CTI analyst should consider. It discussed how to make reports valuable and create one using a simple template. Then, it detailed how to understand and build adversary campaigns, track threat actors, retire campaigns, and retire CTI courses of...