CTI Project Ecosystem
Purpose
This page connects the Israel Government Threat Actors CTI knowledge base to the broader CTI documentation ecosystem.
The Ecosystem
| Project | Role | Use When You Need |
|---|---|---|
| CTI Analyst Field Manual | General CTI tradecraft and analyst operating manual | Evidence labels, source reliability, attribution discipline, infrastructure pivoting, actor research, CTI-to-detection method |
| Customer-Driven AI CTI Project | Delivery methodology and customer engagement operating model | Quality gates, project phases, acceptance criteria, detection readiness, replay and reporting workflow |
| Israel Government Threat Actors CTI | Sector and actor knowledge base | Israeli public-sector threat model, actors, tools, TTPs, detections, hunts, source tracking, and evidence mapping |
| HexStrike AI | AI-powered offensive security automation platform | MCP agent-based tool orchestration, 150+ security tools, AI-driven penetration testing, adversarial validation of detection coverage |
How This Project Fits
This project is the sector and actor knowledge base. It provides practical CTI material covering Israeli government, municipal, telecom, critical infrastructure, defense-adjacent, and supplier exposure.
Use the CTI Analyst Field Manual to understand the tradecraft behind evidence labels, attribution, ATT&CK mapping, and CTI-to-detection logic. Use the Customer-Driven AI CTI Project when this knowledge base must become a structured customer delivery or internal program.
Cross-Project Workflows
Actor Page to Tradecraft Guidance
Start with an actor page such as MuddyWater, Void Manticore / Handala, or OilRig. Use the Field Manual to review actor profiling, attribution, evidence labels, and confidence language.
TTP to Detection Delivery
Start with the TTP To Detection Matrix, then apply the Field Manual's CTI-to-detection guidance and the Customer project's quality gates before production use.
Sector Finding to Customer-Ready Output
Start with the Israel Government Threat Model, then use the Customer project to convert findings into PIRs, SIRs, detection backlog items, SOC handoff, and executive reporting.
Repository Links
- CTI Analyst Field Manual repository
- Customer-Driven AI CTI Project repository
- Israel Government Threat Actors CTI repository
- HexStrike AI repository
Boundary
The CTI documentation projects (Field Manual, Customer project, Israel CTI) are defensive and public-source oriented. They do not include malware source code, exploit instructions, leaked data, credentials, or unauthorized-access guidance. HexStrike AI is an authorized offensive security and penetration testing platform; use it only in authorized engagements.