For an intelligence package to be useful, at this point we need to ask ourselves:
- What information is applicable to the teams?
  - Vulnerability management, security configuration management, and systems administration may need to know OS information and IP information
  - Network security and continuous security monitoring may need to know IP information and domain information
  - Threat intel management and malware analysis may need to know TTP information and hash information
- Who are the key stakeholders that need to know this information?
- How does it need to be delivered?