ELI5: What is Operational Intelligence?

Operational intelligence is the day-to-day information about attacks happening right now. Think of it as a weather report for cybersecurity — what storms are hitting today.

Definition

Operational threat intelligence provides detailed information about specific adversary campaigns, threat actor groups, and their current activities, targeted industries, and tools of choice. This level of intelligence bridges the gap between high-level strategic intelligence (for executives) and technical IoC-level intelligence (for tools), providing context that helps security teams prioritize their defensive efforts and incident response activities.

Key Details

  • Includes: threat actor profiles, active campaigns, targeted industries, commonly used tools and exploits
  • Informs security teams about which threat groups are currently active and relevant to their organization
  • Used to tune detection rules, prioritize patching, and brief the IR team on likely attack methods
  • Produced by threat intelligence vendors (CrowdStrike, Mandiant, Recorded Future) and government sources (CISA, NSA)
  • More actionable than strategic intelligence but less immediately actionable than technical IoCs
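As an added illustration (example code written for this page, not part of the original), the following shows how the fields of an operational-intel record (actor, campaign, targeted industries, tools, exploited products) can be scored against an organization's own profile to produce the patching and detection-tuning priorities described above. All actor names, tools and products are constructed placeholders, not real groups or software.

```python
"""Scoring operational threat intelligence against an organization's profile."""
from dataclasses import dataclass
from typing import List, Set, Tuple


@dataclass
class ActorProfile:
    """One operational-intel record (constructed field set, not a vendor schema)."""
    name: str
    campaign: str
    active: bool                   # is the group currently active?
    industries: Set[str]           # industries the campaign targets
    tools: Set[str]                # tooling the group is known to use
    exploited_products: Set[str]   # products whose weaknesses the group has exploited


@dataclass
class OrgProfile:
    industry: str
    products: Set[str]             # software in the organization's inventory
    detections_for: Set[str]       # tools the SOC already has detection rules for


def score_actor(actor: ActorProfile, org: OrgProfile) -> Tuple[int, List[str]]:
    """Return a relevance score and the defensive actions the intel suggests."""
    if not actor.active:
        return 0, []                       # not operational right now: no priority
    score, actions = 0, []
    if org.industry in actor.industries:   # the group targets our sector
        score += 3
    exposed = actor.exploited_products & org.products
    if exposed:                            # we run something they exploit
        score += 2 * len(exposed)
        actions.append(f"prioritize patching: {sorted(exposed)}")
    gaps = actor.tools - org.detections_for
    if gaps:                               # their tools we cannot yet detect
        score += len(gaps)
        actions.append(f"add/tune detections for: {sorted(gaps)}")
    return score, actions


def prioritize(actors: List[ActorProfile], org: OrgProfile) -> List[tuple]:
    """Rank active, relevant actors highest first; drop those with no relevance."""
    ranked = [(a.name, *score_actor(a, org)) for a in actors]
    return sorted((r for r in ranked if r[1] > 0), key=lambda r: r[1], reverse=True)


# Constructed sample intel and organization (placeholders, not real data).
ACTORS = [
    ActorProfile("ACTOR-EXAMPLE-1", "campaign-alpha", True, {"healthcare", "finance"},
                 {"web-shell", "credential-dumper"}, {"mail-gateway-x"}),
    ActorProfile("ACTOR-EXAMPLE-2", "campaign-beta", True, {"energy"},
                 {"commodity-rat"}, {"vpn-appliance-y"}),
    ActorProfile("ACTOR-EXAMPLE-3", "campaign-gamma", False, {"healthcare"},
                 {"ransomware-z"}, {"mail-gateway-x"}),
]
ORG = OrgProfile("healthcare", {"mail-gateway-x", "erp-w"}, {"credential-dumper"})
```

Running `prioritize(ACTORS, ORG)` ranks ACTOR-EXAMPLE-1 first (sector match, exposed product, one undetected tool) and drops the inactive ACTOR-EXAMPLE-3 entirely.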

Connections