CM-CTI LEVEL 3.0: DEFINED

You’re in the big leagues now. You’ve made the transition from a reactive team to proactive one. Congrats.

You’re applying industry guidelines in your own SOPs and can speak the same language as other CTI teams.

Your IRs are so granular you can map them to every asset in your enterprise’s inventory.

Your boss has even given you money to subscribe to some premium CTI vendors that specialize in your industry.

You’re tired of maintaining MISP and have no developer or engineering support, so you’ve bought yourself a shiny new commercial TIP with all the bells, whistles, and Customer Success Managers. It’s even got integrations with your SIEM and SOAR platforms already built!

And you use that thing as an ANALYST WORKBENCH. You massage that data into fitting your mold of the Diamond Model. You bolt on those Mitre ATT&CK TTP heatmaps to your Threat Hunting alerts. You hammer those killchain phases into your operational level reports. You can’t even decide what to eat for dinner anymore without completing an Analysis of Competing Hypothesis (ACH).