ISAO 300-2: Automating Cyber Threat Intelligence Sharing

Request For Comment: Open July 18 – August 18

The purpose of this document is to provide a description and implementation guideline for automating key elements of the cyber threat intelligence lifecycle process of collection, identification, ingesting, processing, and correlation to establish derived actions. As envisioned, the document is targeted at organizations wanting to automate and use cyber threat intelligence processes for defending their enterprise. This document is equally useful to Information Sharing and Analysis Organization (ISAO) members and the ISAOs that are participating or considering participation in automated sharing efforts.

This document comprises a technical discussion and guidelines to assist organizations implementing automated cyber threat intelligence information sharing and its utilization in mitigating cybersecurity risks. Intelligence efforts have been generally characterized as strategic, operational, or tactical. This guide is focused on the area of tactical intelligence utilization that can benefit an enterprise and is dependent on an information-sharing ecosystem that can support automated sharing of cyber threat intelligence.

Throughout the document, the terms cybersecurity information sharing and information sharing are used synonymously.

Download This Draft Document
Having trouble viewing this document?


Fields marked with an * are required

Use this form to provide your comments on the draft document. With each comment, please include the relevant line numbers and select a level of importance. Check the "Add Another Comment" box underneath each comment to add additional comments.

Submitter Information

Comment #1