During an analysis or an investigation, analysts use a number of sources to gather many bits of information.
They sift through the data to separate the wheat from the chaff, and then they start connecting the dots to gain a broader perspective and add meaning to the data.
By exploring entity relationships and by gaining extra context through enrichment, they can weave a solid narrative to accurately and objectively describe the threat scenario under investigation.
Intel reports provide a suitable format to structure and to organize this type of content: analysts can include their analysis of the threat scenario, make mitigation recommendations, as well as include links to entities, observables, and relationships in the Intelligence Center.
They can also add relevant attachments such as samples or PDF documents. Moreover, they can specify metadata such as the time ranges defining the start and and time of the observed threat, and the time of observation.
Last but not least, tags help organize and categorize the intelligence.
Intel reports give their intended recipients a rich and sharp picture of the cyber threat landscape they may need to act on.
They can follow links to further explore the reported threat relationships with other potentially malicious elements such as campaigns, C2 infrastructure, or threat actors.
Intel reports implement microdata to add machine-readable semantic relevance to the content. Analysts can leverage microdata to reference any entities, relationships, and observables they include in the reports.
Analysts can publish reports in HTML format through outgoing feeds using any of the supported transport types.
When they choose to make reports available by email, the HTML reports are attached to the email messages before sending them to the intended recipients.
Create a report
To create an intel report to describe a specific cyber threat landscape or scenario, go to the , click , and select Report.
The entity editor opens at Create report, and you can start populating the input fields with content and details about the report you are creating.