Report Index

Use data/sources.csv as the authoritative machine-readable source register.

Use sources/ as the analyst-facing scored source library:

• sources/score-a-primary/ for high-reliability primary sources.
• sources/score-b-supporting/ for supporting methodology, authored assessments, and secondary summaries.
• sources/score-c-watchlist/ for claims and leads that require corroboration.

Priority Report Categories

• Government advisories: CISA, FBI, NSA, INCD, CERT-IL, ENISA, NCSC.
• ATT&CK knowledge base: actor technique mappings and reference chains.
• Vendor CTI: Microsoft, Mandiant / Google Cloud, ESET, SentinelOne, Meta, Check Point Research, Palo Alto Unit 42, CrowdStrike, Recorded Future.
• Sector sources: WaterISAC, aviation, telecom, and government-sector information sharing groups.
• Authored Medium research from this project owner: andrey-medium-articles.md.
• 2024-2026 escalation research intake: 2026-israel-critical-infrastructure-escalation.md.
• 2023-2026 source-download and validation intake: resourses_research.md.
• Actor-specific LLM research prompts: actor-deep-research-prompts.md.
• Additional Gemini research intake: additional-research-gemeni.md.
• Imported deep-research actor intakes: muddywater-deep-research.md, oilrig-magic-hound-deep-research.md, pioneer-kitten-deep-research.md, apt39-arid-viper-unc3890-cyber-toufan-deep-research.md, apt35-oilrig-israel-deep-research.md. Downloaded deep-research-report (5).md was an exact duplicate of deep-research-report (1).md and is represented by oilrig-magic-hound-deep-research.md.
• Imported research upgrade summary and validation queue: research-intake-upgrade-summary.md.
• Optional VirusTotal malware-hash enrichment workflow: ../virustotal-enrichment.md.
• End-to-end CTI-to-detection examples: worked-cases.md.
• CI and build evidence: ci-validation-evidence.md.
• Versioned maturity notes: release-notes.md.
• Detection-readiness evidence packs: ../detection-engineering/drl-evidence-packs.md.
• Known limitations: ../known-limitations.md.
• Sigma validation results: ../detection-engineering/sigma-validation-results.md.
• SOC handoff packet: ../detection-engineering/soc-handoff-packet.md.
• Defensive CTI synthesis for Israeli public-sector environments: defensive-cti-threats-to-israeli-public-sector.md.

Collection Rules

• Reports SHOULD be stored as links unless redistribution is explicitly allowed.
• Analyst notes MAY summarize key findings, but MUST preserve original URL and publisher.
• IOC lists SHOULD be referenced by location rather than duplicated wholesale.
• VirusTotal MAY be used for enrichment, but verdict labels MUST NOT be used as actor attribution and raw VT JSON or samples MUST NOT be committed.
• Raw downloaded reports SHOULD remain in ignored research-downloads/.
• Use data/research-downloads.csv as the committed manifest for download status, local archive path, byte size, and SHA-256.
• Use scripts/convert_research_downloads.py to create local searchable text under ignored research-downloads/converted/ when analyst review requires it.