Cyber Underground General Intelligence Requirements Handbook
The Cybercrime Underground General Intelligence Requirements Handbook (CU-GIRH) is a baseline tool to assist in organizing, prioritizing, and producing cybercrime underground intelligence. The Intel 471 intelligence team has been using this framework for years, and we want to share it with the community!
Central to this handbook are General Intelligence Requirements (GIRs) — a compilation of frequently asked intelligence requirements applicable to the cybercrime underground (i.e., forums, marketplaces, products, services, and threat actors). The handbook also contains a list of common intelligence stakeholders and use cases, along with a comprehensive cybercrime glossary.
Access to the GIR handbook includes Intel 471’s intelligence planning workbook - a collection of templates and samples used by intelligence planners to operationalize the GIR framework, gather requirements from stakeholders, and measure success.
Who Is It For?
Primary users of the CU-GIRH and the corresponding planning workbook are cyber threat intelligence (CTI) planners, analysts, researchers, and collection managers.
How Is It Used?
The CU-GIRH and workbook can be used or customized in a number of ways.
- An analyst or researcher can use this as a hip-pocket reference for spotting ad-hoc collection opportunities in the underground.
- An intelligence planner can use this as a guide to support the development and tracking of intelligence requirements and to measure the intelligence team’s return on investment over time.
How Does Intel 471 Use CU-GIRH?
Intel 471 shapes its intelligence collection focus and production based largely on GIRs prioritized by customers. Using the CU-GIRH, each customer identifies and ranks a selection of GIRs, which Intel 471 employs as guidance for daily intelligence collection, reporting, and success measurement.