Role-Based Reading Paths
Purpose
Give different reviewers a direct path through the manual without forcing them to read every page linearly.
CTI Analyst Path
- What Is CTI
- PIR, SIR, and EEI
- Evidence Labels
- Source Reliability
- Assumptions and Gaps
- Attribution Methodology
- Actor Profile Template
- Finished Intelligence Report Template
Detection Engineer Path
- MITRE ATT&CK as a Working Tool
- ATT&CK Mapping Mistakes
- Intelligence to Detection
- Telemetry Requirements
- Detection Backlog
- Detection Readiness Levels
- SOC Handoff
- Israel Threat Actors CTI Detection Dashboard
SOC Lead Path
- Intelligence Cycle
- Hunting Hypothesis Template
- SOC Handoff
- Detection Readiness Levels
- Customer-Driven AI CTI Workflow
- Limitations
Manager / Executive Path
- Intro
- Finished Intelligence vs Research Notes
- Confidence Language
- Executive Summary Template
- Ecosystem
- Known Limitations
Hiring Reviewer Path
- Publication-Grade Review Backlog
- Authoritative Bibliography
- Module Worked Examples
- Detection Readiness Levels
- AI CTI Control Matrix
- Cross-Project Correlation Register
- CI Validation Evidence
Diagram
flowchart LR
Analyst[CTI Analyst] --> Foundations[Foundations]
Analyst --> Attribution[Attribution]
Detection[Detection Engineer] --> ATTCK[ATT&CK Mapping]
Detection --> DRL[Detection Readiness]
SOC[SOC Lead] --> Handoff[SOC Handoff]
Manager[Manager] --> Executive[Executive Summary]
Reviewer[Hiring Reviewer] --> Evidence[Evidence and Validation]