Customer-Driven AI CTI Project

This repository packages the published Customer-Driven AI CTI Project article series as a Docusaurus-ready documentation site.

The methodology is built for CTI engagements that must move beyond reporting into defensible customer outcomes: intelligence requirements, evidence handling, source validation, threat scenarios, hunt hypotheses, detection engineering, SOC handoff, executive reporting, and measurable improvement.

Current release: v1.0.0

CTI Ecosystem

This project is the delivery and quality-gate layer of a three-book CTI ecosystem. Use CTI Project Ecosystem to navigate between the books.

Reading Order

  1. Versioning for release status and compatibility rules.
  2. Normative Language for MUST/SHOULD/MAY requirements.
  3. Workflow Quick Reference for the end-to-end operational map.
  4. Part 1: Foundations for analytic standards, governance, scoring, roles, and detection readiness.
  5. Part 2A: Phase-by-Phase Execution Guide for Phase 0 through Phase 14 delivery execution.
  6. Part 2B: Reference Toolkit for AI workflows, LLM task cards, quality gates, registers, and worked examples.
  7. Practitioner Package for sample registers, rules, queries, replay data, gate packs, and a complete worked case.
  8. Complete Worked Case for one full PIR-to-detection-to-executive-report flow.

Published Articles

The canonical public Medium links are preserved in Published Articles.