Flashpoint has introduced an Intelligence Requirements (IRs) workflow within its Ignite platform. The feature is designed to support organisations in defining, managing, and operationalising General Intelligence Requirements (GIRs) and Priority Intelligence Requirements (PIRs).
The development of Intelligence Requirements is intended to address a common challenge in cyber threat intelligence (CTI): aligning intelligence activities with organisational priorities. While CTI is widely used, connecting intelligence outputs to business or executive decision-making processes can be complex. The framework provides a structured way to organise intelligence work within a centralised system.
Within the Flashpoint Ignite platform, the IRs workflow links monitoring activities, investigative tasks, and reporting functions. This structure is intended to support the organisation of intelligence programmes used in decision-making and risk management.
Key aspects of the approach include:
- Centralisation of PIRs: Creating a structure where intelligence activities can be mapped to organisational risks and priorities.
- Alert efficiency: Linking alert monitoring to defined priorities to help reduce irrelevant or low-priority alerts.
- Investigation support: Connecting intelligence inputs with investigative workflows to assist with triage and response processes.
- Templates: Providing both pre-built and custom templates to support setup and configuration for different organisational needs.
- Visibility and measurement: Offering insight into intelligence activities to help assess alignment with defined objectives.
The process typically begins with defining intelligence questions, which are then mapped to monitoring and investigative workflows. As PIRs are established, alert rules can be associated with them so that incoming signals are organised according to defined priorities.
This approach also supports the alignment of alert rules and automated or AI-assisted recommendations within the platform, aiming to reduce disconnected monitoring activity.
Throughout the workflow, intelligence activities are structured so that there is continuity between defined priorities, incoming data, investigations, and outcomes. This is intended to help teams track which areas are receiving attention and how they relate to broader organisational goals.
Overall, the IRs capability in Flashpoint Ignite is positioned as a structured method for organising cyber threat intelligence activities in relation to organisational priorities and risk management needs.
