Compare Two Reports

Draft

Level: Intermediate

Goal: Assess whether two reports describe related activity.

Real-Life Scenario

Two public reports mention similar tooling and infrastructure, and the analyst needs to decide whether they describe the same campaign or only common tradecraft.

When To Use This

Use this workflow when you need a structured, repeatable comparison and want the output to remain traceable to evidence.

Steps

  1. Analyze and store both reports.
  2. Open report comparison.
  3. Compare shared and unique TTPs, IOCs, and actor hints.
  4. Separate generic overlap from distinctive behavior.
  5. Export the comparison summary.
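The logic behind steps 3 and 4, as an added Python sketch that is not the product's own code or output: it splits each category into shared and unique items, separates shared items found in an analyst-maintained "generic" baseline from distinctive ones, and keeps each report's evidence reference attached. The report contents, source names, evidence references, the `GENERIC` baseline and the actor placeholder are all constructed assumptions; the technique IDs are MITRE ATT&CK identifiers and the addresses come from documentation ranges.

```python
# Added example: constructed data, not output of the tool described on this page.
# Assumption: the analyst maintains GENERIC, a baseline of techniques and
# indicators seen across many unrelated intrusions (common tradecraft).
GENERIC = {"T1059.001", "T1566.001", "T1105", "198.51.100.7"}

# Each observable maps to the evidence location that supports it (constructed).
REPORT_A = {
    "source": "Vendor A blog",
    "ttps": {"T1566.001": "sec. 2", "T1059.001": "sec. 3", "T1574.002": "sec. 4"},
    "iocs": {"203.0.113.10": "table 1", "198.51.100.7": "table 1"},
    "actors": {"ACTOR-PLACEHOLDER-1": "summary"},
}
REPORT_B = {
    "source": "Vendor B advisory",
    "ttps": {"T1566.001": "p. 1", "T1059.001": "p. 2",
             "T1574.002": "p. 5", "T1071.004": "p. 6"},
    "iocs": {"203.0.113.10": "appendix", "198.51.100.7": "appendix",
             "c2.example.net": "appendix"},
    "actors": {},
}

def compare(a, b, generic=GENERIC):
    """Split each category into shared-distinctive, shared-generic and unique."""
    result = {}
    for cat in ("ttps", "iocs", "actors"):
        shared = a[cat].keys() & b[cat].keys()
        # Keep both sources' evidence attached to every shared item.
        cited = {k: {a["source"]: a[cat][k], b["source"]: b[cat][k]} for k in shared}
        result[cat] = {
            "shared_distinctive": {k: cited[k] for k in sorted(shared - generic)},
            "shared_generic": {k: cited[k] for k in sorted(shared & generic)},
            "only_a": sorted(a[cat].keys() - shared),
            "only_b": sorted(b[cat].keys() - shared),
        }
    return result

def assess(result):
    """Label the overlap as a signal for analyst review, not a conclusion."""
    cats = ("ttps", "iocs")
    if any(result[c]["shared_distinctive"] for c in cats):
        return "distinctive overlap: possible same campaign, corroborate"
    if any(result[c]["shared_generic"] for c in cats):
        return "generic overlap only: consistent with common tradecraft"
    return "no overlap"

if __name__ == "__main__":
    summary = compare(REPORT_A, REPORT_B)
    print(assess(summary))
    for category, parts in summary.items():
        print(category, parts)
```
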

Expected Result

Relationship assessment between reports.

Review Notes

  • Keep source labels and evidence attached to every accepted result.
  • Treat actor matches, enrichment hits, and matrix overlap as analytical signals until corroborated.
  • Export only reviewed findings for customer, SOC, detection engineering, or executive use.