CTI Project Ecosystem
Purpose
This page connects the Customer-Driven AI CTI Project to the broader CTI documentation ecosystem.
The Ecosystem
| Project | Role | Use When You Need |
|---|---|---|
| CTI Analyst Field Manual | General CTI tradecraft and analyst operating manual | PIR/SIR/EEI, evidence discipline, source reliability, attribution, infrastructure pivoting, actor profiling, hunt hypotheses, detection handoff |
| Customer-Driven AI CTI Project | Delivery methodology and customer engagement operating model | Project phases, quality gates, acceptance criteria, AI-assisted controls, replay, reporting, and customer delivery artifacts |
| Israel Government Threat Actors CTI | Sector and actor knowledge base | Israel-focused actors, tools, TTPs, detections, hunts, evidence registers, and source tracking |
| HexStrike AI | AI-powered offensive security automation platform | MCP agent-based tool orchestration, 150+ security tools, AI-driven penetration testing, adversarial validation of detection coverage |
How This Project Fits
This project is the delivery layer. It explains how to run CTI work as a controlled customer or internal security project with gates, artifacts, validation, and acceptance criteria.
Use the CTI Analyst Field Manual when you need the underlying analyst tradecraft behind a phase. Use Israel Government Threat Actors CTI when you need a realistic actor and sector knowledge base to test the methodology.
Cross-Project Workflows
Requirements to Delivery Plan
Start with PIR, SIR, and EEI in the Field Manual, then apply this project's methodology phases and quality gates to turn requirements into accepted outputs.
Detection Candidate to SOC Handoff
Use the Field Manual's Intelligence to Detection page for detection reasoning. Use this project for DRL, replay, gate evidence, and customer acceptance. Use the Israel CTI project for actor-specific detections and hunt examples.
Sector Case to Delivery Package
Use Israel Government Threat Actors CTI as the actor and sector corpus. Use this project to package that corpus into a customer-ready CTI-to-detection engagement.
Repository Links
- CTI Analyst Field Manual repository
- Customer-Driven AI CTI Project repository
- Israel Government Threat Actors CTI repository
- HexStrike AI repository
Boundary
The CTI documentation projects (Field Manual, Customer project, Israel CTI) are defensive and public-source oriented. They do not include malware source code, exploit instructions, leaked data, credentials, or victim-sensitive material. HexStrike AI is an authorized offensive security and penetration testing platform; use it only in authorized engagements.