The aggregation, normalization, enrichment, and contextualization of threat data and intelligence en masse necessitates a robust mix of innovation, automation, and flexibility. The Threat Analyst Workbench should provide mechanisms for extracting data from internal and external sources and building catalogues of intelligence. It should facilitate the analyst to characterize threats, identify outcomes, develop courses of action and thereby create actionable intelligence. We will cover a mixture of high level and detailed discussion of how we built internal systems for performing these tasks. We will provide insight on architecture, design, and lessons learned.
