An overview of working with threat intel reports in Cortex XSOAR.
Threat intel reports summarize and share threat intelligence research conducted within your organization by threat analysts and threat hunters. Threat intelligence reports help you communicate the current threat landscape to internal and external stakeholders, whether in the form of high-level summary reports for C-level executives, or detailed, tactical reports for the SOC and other security stakeholders.
Threat intel reports help address multiple relevant reporting use cases:
Global cybersecurity threats. Report to colleagues and executives if, and how, such threats affected your organization, and what was done to remediate and prevent future attacks.
Periodic monitoring. Keep track of infiltration attempts by adversaries within your industry vertical, and publish periodic status updates on any new behaviors.
Open source intelligence (OSINT) reports. Aggregate highlights of external publications that should be actively brought to the attention of your SOC. This is usually done to ensure that relevant employees are up to date with the latest security trends so they can make more informed decisions.
Threat hunting. Report to colleagues, and the larger threat intelligence community, about proactive searches for, and detections of, advanced threats not found by traditional prevention and detection tools.
Note: The threat intel reports feature in Cortex XSOAR is part of the Threat Intelligence Management (TIM) module. You must install the Threat Intel Reports (BETA) content pack to use this feature.