Now that we have information flowing to teams individually, there will need to be more customization for information being passed to be useable. During this phase, we will begin to combine the threat intelligence information and measure our progress to address findings through trend analyses.

Examples:

• Combining the total amount of vulnerabilities and OS configuration compliance for a specific application and providing a trend analysis on remediation efforts
• Network operations and network security teams working together to close ports and block IPs based on threat intel received, and also reporting the trend in remediation efforts

Level 2 phase B has the following objectives:

• Teams begin to combine reports to show security and IT ops a clearer picture of vulnerabilities that exist based on threat intelligence information