What is DocIntel?
With cyberattacks increasing in frequency and severity, it’s become essential to have a system for cataloging and sorting threat intelligence reports.
DocIntel was created to help organizations and companies do just that. It is software for managing cyber threat reports, so you can stay on top of the latest threats and protect yourself, your organization, and your partners.
DocIntel makes it easy to collect, store, and analyze all of your threat data. It also includes powerful search capabilities so you can quickly find the information you need. And because DocIntel is on-premise, you can also access your private intelligence reports at any time.
The key concepts in DocIntel are documents, tags and facets, and sources.
Documents
DocIntel is built on the idea that documents are the core of intelligence. A document is composed of multiple files, which can be text, images, or other types of data. By indexing and analyzing these files, DocIntel can provide powerful search capabilities.
For example, a threat report might be composed of a PDF file and an attached spreadsheet with indicators of compromise. DocIntel improves efficiency by bundling both files within a single document that can then be searched.
One of the key features of DocIntel is the ability to add comments on documents. This allows users to share their expertise and opinion on a particular threat. Comments can be helpful for other users who are researching the same threat, or for those who are trying to understand the context of the threat.
DocIntel allows you to control access to documents by groups. This ensures that only users with a need to know can view and search for these sensitive reports. For example, you might want to restrict access to the Intelligence team within your organization.
Tags
DocIntel uses tags to help you sort, filter, and manage your threat intelligence. Tags are keywords or phrases that you can use to quickly find the reports that you need. You can add tags to any report, and you can also create tag groups to organize your tags.
For example, if you are interested in reports about ransomware, you could create a tag called “ransomware” and add it to all of the reports that mention that term. You could also create a facet (a.k.a. a tag group) called “threats” and add the “APT28” tag to that group. Then, you could select the tag ransomware and the threat APT28 to see all of the reports about ransomware and APT28 in one place.
You can also use tags to track the status of a threat. For example, you could create a tag called “investigated” and add it to all of the reports that have been investigated by your team. Then, you could open the “investigated” tag and see all of the reports that have been investigated recently.
Tags are a great way to keep track of your threat intelligence data and make it easier to find what you need.
Sources
It is of utmost importance to seek out accurate information about security threats. This allows you to focus on the most pressing data, without being tricked by false leads. DocIntel makes it easy to rate and evaluate your sources, so you can be confident in the veracity of your information at all times. Everyone using DocIntel can easily find trustworthy source material.
For example, let’s say there’s a blog that discusses a new ransomware variant. The author is not an expert, and the post doesn’t offer any technical details about the malware other than a link to another news article. DocIntel would warn users that this source might not be reliable so they treat the information with caution in their analysis.
In another example, a trusted source regularly releases reports on new espionage campaigns. The authors are extremely knowledgeable and experienced when it comes to nation-state cyberattacks. Usually, the source provides in-depth information about the malware used. In this case, because the source is rated highly by your organization and known to be reliable, users are notified that the material can be safely used for reference purposes.
Researching and rating information sources is an excellent way to ensure that your team is using the best possible options.
TL;DR
DocIntel is an essential tool for managing and understanding threat intelligence. It allows you to quickly access reports on specific threats, as well as evaluate the sources of that information. DocIntel also makes it easy to add comments and tag documents to help with collaboration and research. Using tags, you can track the status of a threat or keep track of all the reports related to a certain topic. DocIntel also makes it possible for users to subscribe to documents, tags, and sources. By doing so, they will then be notified when something new is published and teams can stay current with the latest threats.
With DocIntel, you can be confident that you have access to accurate and trustworthy information at all times.
Try it today and see how much easier managing your cyber security can be.