CTI Project Ecosystem
Purpose
This page connects the Israel Government Threat Actors CTI knowledge base to the broader CTI documentation ecosystem.
The Ecosystem
| Project | Role | Use When You Need |
|---|---|---|
| CTI Analyst Field Manual | General CTI tradecraft and analyst operating manual | Evidence labels, source reliability, attribution discipline, infrastructure pivoting, actor research, CTI-to-detection method |
| CTI as a Code | Lab platform and training framework | Applying this sector intelligence in hands-on exercises — the A05–A08 NDSA assignments are directly grounded in the Israeli government threat model documented here |
| Operation Desert Hydra | Complete CTI-to-detection pipeline on MuddyWater | Worked detection pipeline for an actor tracked in this knowledge base — source gathering to lab-validated Kibana rules |
| Customer-Driven AI CTI Project | Delivery methodology and customer engagement operating model | Quality gates, project phases, acceptance criteria, detection readiness, replay and reporting workflow |
| Israel Government Threat Actors CTI | Sector and actor knowledge base | Israeli public-sector threat model, actors, tools, TTPs, detections, hunts, source tracking, and evidence mapping |
| AI vs Defense | Practitioner guide: AI-era threat model and SOC adaptation | How AI-assisted adversary capabilities affect the Israeli sector threat model, detection strategy, and CTI program requirements |
| ThreatMapper | Self-hosted AI threat intelligence platform | AI-driven ATT&CK extraction from incident reports, Jaccard-based APT group attribution against 174+ ATT&CK groups, Navigator heatmap for comparing actor technique overlap, and PDF reporting — useful when analyzing new reports about actors tracked here |
| HexStrike AI | AI-powered offensive security automation platform | MCP agent-based tool orchestration, 150+ security tools, AI-driven penetration testing, adversarial validation of detection coverage |
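The Jaccard-based attribution that the ThreatMapper row describes scores a report's extracted ATT&CK technique set against each candidate group's technique set and ranks the overlap. The block below is an added illustration of that scoring, not ThreatMapper's own code; the group profiles, the "report" technique list, and the `min_score` / `collapse_subtechniques` parameters are constructed for the example and do not describe any real actor.

```python
"""Jaccard-based actor attribution over ATT&CK technique sets.

Added example, not ThreatMapper's own code. The group profiles and the
report technique list are constructed for illustration only and do not
represent any real actor's documented techniques.
"""
from __future__ import annotations

# Constructed candidate profiles: group name -> set of ATT&CK technique IDs.
# Illustrative stand-ins, not real ATT&CK group entries.
GROUP_PROFILES: dict[str, frozenset[str]] = {
    "GROUP-A": frozenset({"T1566.001", "T1059.001", "T1105", "T1219", "T1021.001"}),
    "GROUP-B": frozenset({"T1566.002", "T1059.005", "T1105", "T1071.001", "T1053.005"}),
    "GROUP-C": frozenset({"T1190", "T1505.003", "T1003.001", "T1021.002"}),
}


def normalize(technique_id: str) -> str:
    """Canonicalize an ATT&CK ID (strip whitespace, uppercase)."""
    return technique_id.strip().upper()


def parent_technique(technique_id: str) -> str:
    """T1059.001 -> T1059; a parent ID is returned unchanged."""
    return technique_id.split(".", 1)[0]


def jaccard(a: frozenset[str], b: frozenset[str]) -> float:
    """|A & B| / |A | B|; 0.0 when both sets are empty (avoids ZeroDivisionError)."""
    union = a | b
    if not union:
        return 0.0
    return len(a & b) / len(union)


def attribute(
    report_techniques: list[str],
    profiles: dict[str, frozenset[str]] = GROUP_PROFILES,
    min_score: float = 0.2,
    collapse_subtechniques: bool = False,
) -> list[tuple[str, float]]:
    """Rank candidate groups by Jaccard similarity to the report's techniques.

    collapse_subtechniques=True compares at the parent-technique level, which
    tolerates sub-technique drift between report and profile (T1059.001 vs
    T1059.005) at the cost of coarser matches. Groups scoring below min_score
    are dropped so weak overlap is not surfaced as a candidate attribution.
    """
    observed = frozenset(normalize(t) for t in report_techniques)
    if collapse_subtechniques:
        observed = frozenset(parent_technique(t) for t in observed)
    ranked: list[tuple[str, float]] = []
    for name, techniques in profiles.items():
        profile = techniques
        if collapse_subtechniques:
            profile = frozenset(parent_technique(t) for t in techniques)
        score = jaccard(observed, profile)
        if score >= min_score:
            ranked.append((name, round(score, 3)))
    # Highest score first; ties broken by name so output is deterministic.
    ranked.sort(key=lambda item: (-item[1], item[0]))
    return ranked


if __name__ == "__main__":
    # Constructed "report": techniques an extractor pulled from an incident write-up.
    report = ["t1566.001", "T1059.001", "T1105", "T1219"]
    print(attribute(report))
    print(attribute(report, collapse_subtechniques=True))
```

Two caveats worth keeping in mind when reading a score like this: Jaccard penalizes large profiles, so a heavily documented group with dozens of techniques scores low against a short report even when every reported technique is in its profile, and a single shared commodity technique such as T1105 says nothing about the actor. The score is a pivot for further research, not attribution evidence on its own; the Field Manual's attribution discipline and evidence labels still apply.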
How This Project Fits
This project is the sector and actor knowledge base. It provides practical CTI material covering Israeli government, municipal, telecom, critical infrastructure, defense-adjacent, and supplier exposure.
Use the CTI Analyst Field Manual to understand the tradecraft behind evidence labels, attribution, ATT&CK mapping, and CTI-to-detection logic. Use the Customer-Driven AI CTI Project when this knowledge base must become a structured customer delivery or internal program.
Cross-Project Workflows
Actor Page to Tradecraft Guidance
Start with an actor page such as MuddyWater, Void Manticore / Handala, or OilRig. Use the Field Manual to review actor profiling, attribution, evidence labels, and confidence language.
TTP to Detection Delivery
Start with the TTP To Detection Matrix, then use the Field Manual's CTI-to-detection guidance and the Customer project quality gates before production use.
Sector Finding to Customer-Ready Output
Start with the Israel Government Threat Model, then use the Customer project to convert findings into PIRs, SIRs, detection backlog items, SOC handoff, and executive reporting.
Repository Links
- CTI Analyst Field Manual repository
- CTI as a Code repository
- Operation Desert Hydra repository
- Customer-Driven AI CTI Project repository
- Israel Government Threat Actors CTI repository
- AI vs Defense repository
- ThreatMapper repository
- HexStrike AI repository
Boundary
The CTI documentation projects (Field Manual, Customer project, Israel CTI) are defensive and public-source oriented. They do not include malware source code, exploit instructions, leaked data, credentials, or unauthorized-access guidance. HexStrike AI is an authorized offensive security and penetration testing platform; use it only in authorized engagements.