To enable an intelligence package to be useful, at this point we need to ask ourselves:

• What information is applicable to the teams?
  • Vulnerability management, security configuration management, and systems administration may need to know OS information and IP information
  • Network security and continuous security monitoring may need to know IP information and domain information
  • Threat intel management and malware analysis may need to know TTP information and hash information
• Who are the key stakeholders that need to know this information?
• How does it need to be delivered?