The Vendor is required to provide information concerning the requirements for a subscription to a cyber threat intelligence platform.
- An intelligence analysis platform — with a granular, flexible and expansive data model, performant backend and the capability to collect, enrich and correlate from several data providers — provides the data and analysts' workbench, enabling the team to achieve its goals.
- The team leverages Cyber Threat Intelligence (CTI) capabilities to conduct threat assessments and enrichment in support of operational needs, with a focus on accurately conveying the context, urgency, credibility, severity, intent and motivation of cyber threats among other things.
- Operationally, a CTI capability that is actionable, intelligence-driven and grounded in an extensive raw intelligence feed and in-depth technical analysis is envisaged to serve as a primary source for indicators of compromise (IOC) related to cyber threat actor campaigns.
- The platform must have broad and granular coverage in terms of data model and shall also have the flexibility to create custom and flexible data structures and labels to provide context, convey assessments and represent judgments, among other things.
- The platform shall ingest and enrich data from multiple data providers via APIs according to current data structures.
- Must supplement the team with a dedicated technical point of contact to assist with new integrations and technical questions about the product (e.g. query language questions).
- Provide a workbench for cyber threat analysts and threat researchers to conduct in-depth analysis of cyber threat actor campaigns and operations, tactics, techniques and procedures (TTPs), motivation, intent, organizational alignments, clustering, technical and high-level shifts, evolutions and trends occurring on the threat landscape (e.g., changes in collection priorities, infrastructure and capabilities).
- Ingest both structured and unstructured data, increasing visibility of threats and providing opportunities for threat enrichment and cross-correlation with findings in the context of incident investigation.