Build A Sector Threat Brief
Draft
Level: Intermediate
Goal: Create a practical threat brief for one sector or customer.
Real-Life Scenario
A telecom customer asks which actors and techniques are most relevant to their environment this quarter.
When To Use This
Use this workflow when you need a structured analyst process and want the output to remain traceable to evidence.
Steps
- Open Sector Intel.
- Select the sector, region, technologies, and activity window.
- Review the actor ranking and its evidence reasons.
- Show the relevant TTPs on the matrix.
- Summarize the top actors, TTPs, and detection priorities.
Expected Result
A sector-specific actor and ATT&CK priority brief.
Review Notes
- Keep source labels and evidence attached to every accepted result.
- Treat actor matches, enrichment hits, and matrix overlap as analytical signals until corroborated.
- Export only reviewed findings for customer, SOC, detection engineering, or executive use.