Distill Intelligence

Turn raw data gained during an operation into actionable intelligence.

Distill Intelligence refers to the process of taking the raw data collected during an operation and producing actionable intelligence. This raw data can take the form of collected logs, PCAP, malware, etc. The process of analyzing data can rely on manual or automatic processing.

One key method of Distilling Intelligence is the use of data analytics. Data analytics allows the defender to map the raw data collected during an operation to the adversary behavior that generated it. At scale, automated analytics, such as behavioral analytics, are essential to producing meaningful intelligence. Intelligence produced during this step can be shared inside and outside of the organization, as appropriate, and used to inform threat models and refine operation activities.
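A small behavioral analytic of the kind described above, as an added example that is not part of the original page or of any framework tooling. The log format, host and account names, rule patterns, behavior labels and the 10-minute window are all assumptions made for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed process-creation records from a decoy host (not real telemetry).
RAW_LOG = """\
2024-05-01T10:00:05Z decoy-ws01 svc_backup whoami /all
2024-05-01T10:00:40Z decoy-ws01 svc_backup net group "Domain Admins" /domain
2024-05-01T10:03:12Z decoy-ws01 svc_backup procdump.exe -ma lsass.exe out.dmp
2024-05-01T10:20:00Z decoy-ws01 jsmith notepad.exe report.txt
2024-05-01T11:15:30Z decoy-ws02 jsmith ipconfig /all
"""

# Illustrative command-to-behavior rules; the labels and patterns are assumptions.
RULES = [
    ("account-discovery", re.compile(r"\b(whoami|net\s+(user|group))\b", re.I)),
    ("network-discovery", re.compile(r"\b(ipconfig|arp|nslookup)\b", re.I)),
    ("credential-access", re.compile(r"lsass", re.I)),
]

def parse(raw):
    """Yield (timestamp, host, user, command) from each well-formed record."""
    for line in raw.splitlines():
        parts = line.split(None, 3)
        if len(parts) == 4:  # skip truncated or empty records
            ts, host, user, cmd = parts
            yield datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), host, user, cmd

def label(cmd):
    """Return the first behavior whose pattern matches the command, else None."""
    return next((name for name, rx in RULES if rx.search(cmd)), None)

def distill(raw, window=timedelta(minutes=10)):
    """Group labelled events per (host, user) and flag discovery followed by
    credential access within `window`, a sequence no single event reveals."""
    timelines = defaultdict(list)
    for ts, host, user, cmd in parse(raw):
        behavior = label(cmd)
        if behavior:
            timelines[(host, user)].append((ts, behavior))
    findings = []
    for (host, user), events in sorted(timelines.items()):
        events.sort()
        disc = [t for t, b in events if b.endswith("discovery")]
        cred = [t for t, b in events if b == "credential-access"]
        chained = any(timedelta(0) <= c - d <= window for d in disc for c in cred)
        findings.append({"host": host, "user": user, "first_seen": events[0][0].isoformat(),
                         "behaviors": [b for _, b in events], "escalating": chained})
    return findings
```

Calling `distill(RAW_LOG)` returns one finding per host and account that showed labelled behavior; records that match no rule, such as the `notepad.exe` line, produce no finding.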

ID: SAC0008
Type: Strategic
Goals: Understand
Approaches: Analysis