generating-threat-intelligence-reports

# Generating Threat Intelligence Reports ## When to Use Use this skill when: - Producing weekly, monthly, or quarterly threat intelligence summaries for security leadership - Creating a rapid intelligence assessment in response to a breaking threat (e.g., new zero-day, active ransomware campaign) - Generating sector-specific threat briefings for executive decision-making on security investments **Do not use** this skill for raw IOC distribution — use TIP/MISP for automated IOC sharing and reserve report generation for analyzed, finished intelligence. ## Prerequisites - Completed analysis from collection and processing phase (PIRs partially or fully answered) - Audience profile: technical level, decision-making authority, information classification clearance - TLP classification decision for the product - Organization-specific reporting template aligned to audience expectations ## Workflow ### Step 1: Determine Report Type and Audience Select the appropriate intelligence product type: **Strategic Intelligence Report**: For C-suite, board, risk committee - Content: Threat landscape trends, adversary intent vs. capability, risk to business objectives - Format: 1–3 pages, minimal jargon, business impact language, recommended decisions - Frequency: Monthly/Quarterly **Operational Intelligence Report**: For CISO, security directors, IR leads - Content: Active campaigns, adversary TTPs, defensive recommendations, sector peer incidents - Format: 3–8 pages, moderate technica...