After reviewing the end to end process of all teams, it was determined that a solution would include an example of the following:

• Threat intelligence reports will be customized to complement security awareness initiative and training for users
• Global IT help desks will have fields to fill out their tickets that may indicate a security issue:
  • Required fields—location, time, date,  potential attack vector
• Tickets that indicate a potential security issue will be monitored by the continuous monitoring team:
  • Continuous monitoring will validate the information against X criteria and move it to the incident response team for action, or mark it as a false positive