# Threat Intelligence Cycle

![](https://668119349-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F9XZuLZlYbpZMSIHcIPdL%2Fuploads%2FHcUo4Rdxtwc6uH3VcKRI%2Fimage.png?alt=media\&token=f2f174c6-d34c-4c6c-923b-452d0e631b0a)

* Planning and Requirements
  * Goals
  * Business-aligned
  * Regulations
  * Most likely Threats

* Collection and Processing
  * Organized
  * Consistent
  * Automated (as much as possible)
  * Choose sources of intelligence
  * Processing and normalizing

* Analysis
  * More data!
  * Too much data!
  * Automation
  * Scripts (bash, python, powershell)
  * SIEM

* Dissemination - Communicating analysis findings
  * Internal communication
  * Choose your audience
  * Types:
    * Strategic Intelligence - Long term objectives
    * Operational Intelligence - Day to day short term objectives
    * Tactical Intelligence - Right now
  * Outside communication:  maybe...

* Feedback

  * New findings, new information
  * Lessons learned
  * New Threats?  Need for change?
  * People, we've got work to do!

* ![](https://668119349-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F9XZuLZlYbpZMSIHcIPdL%2Fuploads%2FDDnRYfkALQgsQkJft0kV%2Fimage.png?alt=media\&token=b7efad2b-91f9-42b4-bf3e-f89dcc425dba)