Threat Intel Reports Overview

An overview of working with threat intel reports in Cortex XSOAR.
Threat intel reports summarize and share threat intelligence research conducted within your organization by threat analysts and threat hunters. Threat intelligence reports help you communicate the current threat landscape to internal and external stakeholders, whether in the form of high-level summary reports for C-level executives, or detailed, tactical reports for the SOC and other security stakeholders.
Threat intel reports help address multiple relevant reporting use cases:
  • Global cybersecurity threats
    Report to colleagues and executives if, and how, such threats affected your organization, and what was done to remediate and prevent future attacks.
  • Periodic monitoring
    Keep track of infiltration attempts by adversaries within your industry vertical, and publish periodic status updates on any new behaviors.
  • Open source intelligence (OSINT) reports
    Aggregate highlights of external publications that you feel should be actively brought to the attention of your SOC. This is usually done to ensure that relevant employees are up-to-date with the latest security trends so they can make more informed decisions.
  • Threat hunting
    Report to colleagues, and the larger threat intelligence community, about proactive searches for, and detections of, advanced threats not found by traditional prevention and detection tools.
The threat intel reports feature in Cortex XSOAR is part of the Threat Intelligence Management (TIM) module. You must install the Threat Intel Reports (BETA) content pack to enable using this feature.

Threat Intel Report Workflow in Cortex XSOAR

To create, publish, and share threat intel reports, perform the following:
To ensure that users have access to the Threat Intel page, verify that their user role is assigned the Threat Intel permission (Page Access). By default, users with Administrator or Analyst roles have read/write access to the reports themselves.
