At this point, we will need to begin to filter out the information that we are receiving to be more applicable to our organization. In the following example, the threat intelligence that is collected is now being sorted by the example organization. In this case, the OS, IP, threat actor, domain, and hash information is collected by the manufacturing, defense, and automotive threat intelligence sources.

Objectives for level 1 phase B:

• Filter out threat feeds to only include the most relevant to your organization
• Begin to identify attributes of threat information that will provide value to your organization