CTI Project Ecosystem
Purpose
This page connects the three CTI documentation projects into one practitioner ecosystem. Each project has a different role, but they are intended to be used together.
The Ecosystem
| Project | Role | Use When You Need |
|---|---|---|
| CTI Analyst Field Manual | General CTI tradecraft and analyst operating manual | Evidence discipline, analytic judgment, attribution, infrastructure pivoting, actor research workflow, CTI-to-detection foundations, templates |
| Customer-Driven AI CTI Project | Delivery methodology and customer engagement operating model | Project phases, quality gates, customer outcomes, AI-assisted workflow controls, acceptance criteria, replay and delivery packages |
| Israel Government Threat Actors CTI | Sector and actor knowledge base | Israeli public-sector threat model, actors, tools, TTPs, detections, hunts, evidence registers, source tracking |
| HexStrike AI | AI-powered offensive security automation platform | MCP agent-based tool orchestration, 150+ security tools, AI-driven penetration testing, adversarial validation of detection coverage |
Recommended Navigation
- Start here when you need the tradecraft standard: CTI Analyst Field Manual.
- Move to the delivery model when work must become a managed customer project: Customer-Driven AI CTI Project.
- Use the Israel-focused knowledge base when the question involves Israeli government, municipal, telecom, critical-infrastructure, or supplier exposure: Israel Government Threat Actors CTI.
Cross-Project Workflows
Actor Profile to Customer Delivery
Use Actor Research to structure the profile, then use Customer-Driven AI CTI Project to turn it into a project plan, quality gates, and accepted deliverables. Use Israel Government Threat Actors CTI when the actor requires Israel-sector context.
CTI Finding to Detection Backlog
Use Intelligence to Detection for the reasoning chain. Use Customer-Driven AI CTI Project for phase control and gate evidence. Use Israel Government Threat Actors CTI for concrete actor, tool, TTP, hunt, and detection examples.
Source Claim to Evidence Register
Use Evidence Labels and Source Reliability as the analytic standard. Use the Customer project for delivery gates. Use the Israel project for a live example of source and evidence governance.
Repository Links
- CTI Analyst Field Manual repository
- Customer-Driven AI CTI Project repository
- Israel Government Threat Actors CTI repository
- HexStrike AI repository
Boundary
The CTI documentation projects (Field Manual, Customer project, Israel CTI) are defensive and public-source oriented. They do not provide exploit instructions, malware source code, leaked data, credentials, or unauthorized-access guidance. HexStrike AI is an authorized offensive security and penetration testing platform; use it only in authorized engagements.