cti-analyst

What problem does it solve?

Guides cyber threat intelligence (CTI)—collection and vetting of intel from OSINT, commercial feeds, and ISACs; threat actor and campaign analysis; IOC/TTP production with MITRE ATT&CK mapping; STIX/TAXII and sharing concepts; strategic, tactical, and operational intel briefs; fusion with hunts and incident response; confidence scoring and source handling. Use for CTI, threat intelligence, threat actor profiling, IOC production, TTP analysis, intel briefs, STIX, ISAC reporting, campaign analysis, APT reporting—not proactive hunt execution (threat-hunter), SOC alert triage (soc-analyst), adversary simulation ops (red-team-specialist), incident command (incident-responder), or legal conclusions.

Core Features & Use Cases

• Intelligence collection & vetting: standardizes sources, evaluates reliability, documents handling constraints, and flags circular reporting.
• Actor & campaign analysis: clusters activity, timelines, infrastructure, malware context, and ATT&CK mappings.
• IOC/TP production & sharing: packages indicators with context, urgency, confidence, expiration, and export formats (STIX/TAXII).
• Intel briefs & handoffs: crafts strategic, tactical, and operational briefs with explicit confidence and dissent notes.
• Use Case: Supports leadership risk discussions, SOC enrichment, and hunt hypothesis formulation.

Quick Start

Produce a vetted CTI briefing for leadership using STIX/TAXII artifacts and ATT&CK mappings.