Intelligence Compass | Create Intelligence requirements#

  1. From the left sidebar, select Create icon Data configuration.

  2. Select Intelligence Compass.

  3. Select + Create Requirement.

  4. Under Intelligence requirement, enter a name for this intelligence requirement.

  5. Under ID, enter an ID that will help you identify the requirement within your own organization.

  6. Assign a Priority to the requirement.
    This is a flag for in your organisation.

  7. (Optional) Enter a Description.
    The AI uses this description to match intelligence to the requirement, so including a description is highly recommended if you are using AI matching.

  8. From the Owner drop-down menu, select the user you’d like to set as his intelligence requirement’s owner.

  9. Under Matching type, select whether to match this requirement by AI or by Keyword-based matching.
    The AI will confer an accuracy score (high, medium or low) to each Entity it matches.

  10. If you selected Keyword-based matching, enter the keywords you’d like the requirement to match on and use the checkboxes to select which parts of the Entity should be checked for matches.

  11. (Optional) Under Notify Watchers, select the users and groups you’d like to be alerted when this an Entity matches this requirement. If you chose AI matching, you can choose to only send out notification for matches that have a certain accuracy.**

  12. (Optional) Under Filters, select + Add filter to add filters that include certain Entities in the matching done for this requirement and exclude all Entities that don’t match the filters.
    You can filter by:

    • Entity types Intelligence requirements can match Reports, Malware and Threat actors. If you don’t filter to one or two types, a requirement will match all three.

    • Sources

    • TLPs

    • Tags

  13. (Optional) Under Actions, select + Add actions to define what should happen when an Entity is matches to this intelligence requirement. You can have the system:

    • Add tags to Entities.

    • Remove tags from Entities.

    • Add the matches Entities to Datasets (Add to Dataset).

  14. Under Match new data, check the box to have new Entities automatically matched against this requirement as they are ingested.

  15. Select Save.

The Intelligence Compass will now automatically run, match Entities to these requirements, and link the Entities it found to this requirement.
Every 15 minutes you and any stakeholders that you have assigned as watcher will be receive a notification for each requirement that has matches with intelligence that was ingested.

You can also manually run an Intelligence requirement or manually link an Entity to an Intelligence requirement if it wasn’t matched but needs to be.