From 5de60c4f0be2750025a576acbd1e9e84bd5bfd9d Mon Sep 17 00:00:00 2001 From: "Khaoula E." <49680698+ka0ula@users.noreply.github.com> Date: Wed, 20 May 2026 17:08:48 +0200 Subject: [PATCH 01/11] Add Reports section to mkdocs.yml --- mkdocs.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/mkdocs.yml b/mkdocs.yml index 39aa8a80c3..1024c0166b 100644 --- a/mkdocs.yml +++ b/mkdocs.yml @@ -94,6 +94,9 @@ nav: - Manage feeds: cti/features/consume/manage_feeds.md - Create a detection rule from a feed: cti/features/consume/create_detection_rule_from_feed.md - Graph Explorations: cti/features/consume/graph_explorations.md + - Reports: + - Internal Reports (FLINTs): cti/features/consume/flints.md + - OSINT Reports: cti/features/consume/osint_reports.md - Export: cti/features/consume/export.md - IOCs Collections: cti/features/consume/ioccollections.md - Monitor: From 71170a390df3e1d2e4400212f14ffe901f115d70 Mon Sep 17 00:00:00 2001 From: "Khaoula E." <49680698+ka0ula@users.noreply.github.com> Date: Wed, 20 May 2026 17:22:48 +0200 Subject: [PATCH 02/11] Create documentation for FLINT reports Added documentation for FLINT reports, including access methods and features. --- .../intelligence_center/consume/flints.md | 47 +++++++++++++++++++ 1 file changed, 47 insertions(+) create mode 100644 _shared_content/intelligence_center/consume/flints.md diff --git a/_shared_content/intelligence_center/consume/flints.md b/_shared_content/intelligence_center/consume/flints.md new file mode 100644 index 0000000000..7708785fde --- /dev/null +++ b/_shared_content/intelligence_center/consume/flints.md 
@@ -0,0 +1,47 @@ +# FLINT Reports + +FLINT (Flash threat INTelligence) reports are threat intelligence publications produced by the Sekoia TDR team. They cover ongoing campaigns, tracked threat actors, malware analysis, and threat intelligence from both technical and strategic perspectives. + +FLINTs directly feed the indicators, objects, and context available across the platform. + +## Overview + +The FLINT reports page lets you read, browse, and explore intelligence reports produced by TDR analysts. Each report is available in PDF and text format and is linked to STIX objects and observables in the platform, allowing you to pivot from a report directly into your investigation workflows. + +FLINTs are published over 50 times per year. The number of reports available to you depends on your subscription. + +!!! info "Access by subscription" + - **Defend**: Access to the last 4 FLINT reports via the Threat Landscape page. + - **Intelligence**: Access to the full archive. + +## How to access + +You can reach the FLINT reports page from two entry points: + +- Navigate to **Reports** in the left-hand menu, then select **FLINTs** in the filter bar. +- From the **Threat Landscape** page, click **See more** on the *FLINT reports* widget. + +## What you can do + +### Read a report + +By default, reports open in **PDF view**. You can: + +- Zoom in and out to adjust readability. +- Switch to **text view** using the toggle at the top of the report if you prefer plain text. +- Download the PDF to your machine. +- Resize the report list panel on the left to give more space to the reading area. + +### Explore linked intelligence + +Each FLINT is modelled in STIX and linked to objects in the platform. From a report, you can: + +- Click any **object or observable** in the report body to open its detail page. +- Click the **report title** to open the full Report detail page, listing all STIX objects and observables associated with that report. 
+- Open the **graph exploration** view to visualize relationships between the report's objects. + +## About the TDR team + +FLINTs are produced by the Threat Detection & Research (TDR) team, Sekoia's internal threat intelligence and detection engineering unit. TDR analysts cover four areas of expertise: strategic analysis, threat tracking, detection engineering, and reverse engineering. + +[Read TDR research on the Sekoia blog](https://blog.sekoia.io/category/threat-research/) From 7d11efbd8a7798ef29f6f626a1d1c43811bb0d78 Mon Sep 17 00:00:00 2001 From: "Khaoula E." <49680698+ka0ula@users.noreply.github.com> Date: Wed, 20 May 2026 17:28:59 +0200 Subject: [PATCH 03/11] Add OSINT Reports documentation This document provides an overview of OSINT reports, including how to access and utilize them within the platform. It details features such as reading reports, filtering by feeds, and exploring linked intelligence. --- .../consume/osint_reports.md | 44 +++++++++++++++++++ 1 file changed, 44 insertions(+) create mode 100644 _shared_content/intelligence_center/consume/osint_reports.md diff --git a/_shared_content/intelligence_center/consume/osint_reports.md b/_shared_content/intelligence_center/consume/osint_reports.md new file mode 100644 index 0000000000..3189073bf5 --- /dev/null +++ b/_shared_content/intelligence_center/consume/osint_reports.md 
@@ -0,0 +1,44 @@ +# OSINT Reports + +OSINT reports are publications from external sources, collected and made available directly in the platform. They cover ongoing campaigns, intrusion sets, attack techniques, and threat activity across sectors and geographies. + +They complement the TDR-produced [FLINT reports](./flints.md) by bringing in third-party intelligence to broaden situational awareness. + +## Overview + +The Reports page lets you browse and explore external threat intelligence collected from curated sources. Sources are selected for their reliability and cover a wide range of industries, threat types, and languages. + +Each report renders the original web publication directly in the platform. A text summary is available for most reports. Where available, reports are also linked to STIX objects and observables in the platform, allowing you to pivot from a report into your investigation workflows. + +Sources are curated by the Sekoia team and include government CERTs, national cybersecurity agencies, security vendors, and independent research organizations. They publish in multiple languages and cover a broad spectrum of industries, threat actors, and attack techniques. + +## How to access + +Navigate to **Reports** in the left-hand menu. OSINT reports are listed alongside FLINTs and can be filtered independently using the filter bar. + +## What you can do + +### Read a report + +Reports open in **PDF view** by default, rendering the original source article. You can: + +- Zoom in and out to adjust readability. +- Switch to **text view** using the toggle at the top of the report to read a summary of the publication. +- Resize the report list panel on the left to give more space to the reading area. + +!!! note + The text view sometimes displays a summary, not a full transcription of the original article. Not all reports have a text version available. 
+ +### Filter reports using Feeds + +You can scope the reports list to a specific feed to focus on the threat intelligence most relevant to your environment or use case. Select a feed from the filter bar at the top of the reports list to apply it. + +Feeds can be configured to filter by source, sector, geography, and more. See [Feeds](../feeds.md) for instructions on how to create and configure a feed. + +### Explore linked intelligence + +Where applicable, reports are linked to STIX objects in the platform. From a report, you can: + +- Click any **object or observable** in the report body to open its detail page. +- Click the **report title** to open the full Report detail page, listing all STIX objects and observables associated with that report. +- Open the **graph exploration** view to visualize relationships between the report's objects. From 0517b547c10586df0595f5149024e0b5e629d1c5 Mon Sep 17 00:00:00 2001 From: "Khaoula E." <49680698+ka0ula@users.noreply.github.com> Date: Wed, 3 Jun 2026 11:25:02 +0200 Subject: [PATCH 04/11] Update link to Sekoia TDR team in FLINT report --- _shared_content/intelligence_center/consume/flints.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/_shared_content/intelligence_center/consume/flints.md b/_shared_content/intelligence_center/consume/flints.md index 7708785fde..db006567c2 100644 --- a/_shared_content/intelligence_center/consume/flints.md +++ b/_shared_content/intelligence_center/consume/flints.md 
@@ -1,6 +1,6 @@ # FLINT Reports -FLINT (Flash threat INTelligence) reports are threat intelligence publications produced by the Sekoia TDR team. They cover ongoing campaigns, tracked threat actors, malware analysis, and threat intelligence from both technical and strategic perspectives. +FLINT (Flash threat INTelligence) reports are threat intelligence publications produced by the [Sekoia TDR team](#about-the-TDR-team). They cover ongoing campaigns, tracked threat actors, malware analysis, and threat intelligence from both technical and strategic perspectives. FLINTs directly feed the indicators, objects, and context available across the platform. From f2019f57ae5558ddf7c4f26877ac316ecba806cd Mon Sep 17 00:00:00 2001 From: "Khaoula E." <49680698+ka0ula@users.noreply.github.com> Date: Wed, 3 Jun 2026 11:26:28 +0200 Subject: [PATCH 05/11] Rename 'Internal Reports' to 'FLINT Reports' --- mkdocs.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/mkdocs.yml b/mkdocs.yml index 1024c0166b..d4baafe6ab 100644 --- a/mkdocs.yml +++ b/mkdocs.yml @@ -95,7 +95,7 @@ nav: - Create a detection rule from a feed: cti/features/consume/create_detection_rule_from_feed.md - Graph Explorations: cti/features/consume/graph_explorations.md - Reports: - - Internal Reports (FLINTs): cti/features/consume/flints.md + - FLINT Reports: cti/features/consume/flints.md - OSINT Reports: cti/features/consume/osint_reports.md - Export: cti/features/consume/export.md - IOCs Collections: cti/features/consume/ioccollections.md From 7f822d213bfe8271ebb46c731699d703b1e9660f Mon Sep 17 00:00:00 2001 From: "Khaoula E." <49680698+ka0ula@users.noreply.github.com> Date: Wed, 3 Jun 2026 11:30:17 +0200 Subject: [PATCH 06/11] Fix markdown links in OSINT reports documentation --- _shared_content/intelligence_center/consume/osint_reports.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
diff --git a/_shared_content/intelligence_center/consume/osint_reports.md b/_shared_content/intelligence_center/consume/osint_reports.md index 3189073bf5..54a2bd6aa9 100644 --- a/_shared_content/intelligence_center/consume/osint_reports.md +++ b/_shared_content/intelligence_center/consume/osint_reports.md @@ -2,7 +2,7 @@ OSINT reports are publications from external sources, collected and made available directly in the platform. They cover ongoing campaigns, intrusion sets, attack techniques, and threat activity across sectors and geographies. -They complement the TDR-produced [FLINT reports](./flints.md) by bringing in third-party intelligence to broaden situational awareness. +They complement the TDR-produced [FLINT reports](flints.md) by bringing in third-party intelligence to broaden situational awareness. ## Overview @@ -33,7 +33,7 @@ Reports open in **PDF view** by default, rendering the original source article. You can scope the reports list to a specific feed to focus on the threat intelligence most relevant to your environment or use case. Select a feed from the filter bar at the top of the reports list to apply it. -Feeds can be configured to filter by source, sector, geography, and more. See [Feeds](../feeds.md) for instructions on how to create and configure a feed. +Feeds can be configured to filter by source, sector, geography, and more. See [Feeds](feeds.md) for instructions on how to create and configure a feed. ### Explore linked intelligence From 10ccf9258a105e061407463b14bb660a8bc72de5 Mon Sep 17 00:00:00 2001 From: "Khaoula E." <49680698+ka0ula@users.noreply.github.com> Date: Wed, 3 Jun 2026 11:30:36 +0200 Subject: [PATCH 07/11] Fix capitalization in FLINT reports description --- _shared_content/intelligence_center/consume/flints.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/_shared_content/intelligence_center/consume/flints.md b/_shared_content/intelligence_center/consume/flints.md index db006567c2..222349b1c8 100644 
--- a/_shared_content/intelligence_center/consume/flints.md +++ b/_shared_content/intelligence_center/consume/flints.md @@ -1,6 +1,6 @@ # FLINT Reports -FLINT (Flash threat INTelligence) reports are threat intelligence publications produced by the [Sekoia TDR team](#about-the-TDR-team). They cover ongoing campaigns, tracked threat actors, malware analysis, and threat intelligence from both technical and strategic perspectives. +FLINT (Flash threat INTelligence) reports are threat intelligence publications produced by the [Sekoia TDR team](#about-the-tdr-team). They cover ongoing campaigns, tracked threat actors, malware analysis, and threat intelligence from both technical and strategic perspectives. FLINTs directly feed the indicators, objects, and context available across the platform. From d899bb0b34c6766716694d85d835c5e206661c37 Mon Sep 17 00:00:00 2001 From: "Khaoula E." <49680698+ka0ula@users.noreply.github.com> Date: Wed, 3 Jun 2026 11:39:25 +0200 Subject: [PATCH 08/11] Correct acronym expansion for FLINT reports --- _shared_content/intelligence_center/consume/flints.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/_shared_content/intelligence_center/consume/flints.md b/_shared_content/intelligence_center/consume/flints.md index 222349b1c8..10b9438bb5 100644 --- a/_shared_content/intelligence_center/consume/flints.md +++ b/_shared_content/intelligence_center/consume/flints.md 
@@ -1,6 +1,6 @@ # FLINT Reports -FLINT (Flash threat INTelligence) reports are threat intelligence publications produced by the [Sekoia TDR team](#about-the-tdr-team). They cover ongoing campaigns, tracked threat actors, malware analysis, and threat intelligence from both technical and strategic perspectives. +FLINT (FLash INTelligence) reports are threat intelligence publications produced by the [Sekoia TDR team](#about-the-tdr-team). They cover ongoing campaigns, tracked threat actors, malware analysis, and threat intelligence from both technical and strategic perspectives. FLINTs directly feed the indicators, objects, and context available across the platform. @@ -8,7 +8,7 @@ FLINTs directly feed the indicators, objects, and context available across the p The FLINT reports page lets you read, browse, and explore intelligence reports produced by TDR analysts. Each report is available in PDF and text format and is linked to STIX objects and observables in the platform, allowing you to pivot from a report directly into your investigation workflows. -FLINTs are published over 50 times per year. The number of reports available to you depends on your subscription. +New FLINTs are published every month. The number of reports available to you depends on your subscription. !!! info "Access by subscription" - **Defend**: Access to the last 4 FLINT reports via the Threat Landscape page. From b513ed7df166ea9c93840b13c155e47e7f80d9d5 Mon Sep 17 00:00:00 2001 From: "Khaoula E." <49680698+ka0ula@users.noreply.github.com> Date: Mon, 8 Jun 2026 10:43:27 +0200 Subject: [PATCH 09/11] Revise FLINT reports documentation for clarity Updated language for clarity and consistency in FLINT reports documentation. --- _shared_content/intelligence_center/consume/flints.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/_shared_content/intelligence_center/consume/flints.md b/_shared_content/intelligence_center/consume/flints.md index 10b9438bb5..9887d4df6e 100644 
--- a/_shared_content/intelligence_center/consume/flints.md +++ b/_shared_content/intelligence_center/consume/flints.md @@ -1,14 +1,14 @@ # FLINT Reports -FLINT (FLash INTelligence) reports are threat intelligence publications produced by the [Sekoia TDR team](#about-the-tdr-team). They cover ongoing campaigns, tracked threat actors, malware analysis, and threat intelligence from both technical and strategic perspectives. +FLINT (FLash INTelligence) Reports are threat intelligence publications produced by the [Sekoia TDR team](#about-the-tdr-team). They cover ongoing campaigns, active intrusion sets, distributed malware, and more, from both technical and strategic perspectives. FLINTs directly feed the indicators, objects, and context available across the platform. ## Overview -The FLINT reports page lets you read, browse, and explore intelligence reports produced by TDR analysts. Each report is available in PDF and text format and is linked to STIX objects and observables in the platform, allowing you to pivot from a report directly into your investigation workflows. +The FLINT Reports page enables you to read, browse, and explore intelligence publications produced by TDR analysts. Reports are available in both PDF and text format and are linked to relevant STIX objects and observables within the platform. This allows you to directly pivot from a report into your investigation workflows. -New FLINTs are published every month. The number of reports available to you depends on your subscription. +Over 50 FLINTs are published annually. The number of reports available to you depends on your subscription. !!! info "Access by subscription" - **Defend**: Access to the last 4 FLINT reports via the Threat Landscape page. 
@@ -19,7 +19,7 @@ New FLINTs are published every month. The number of reports available to you dep You can reach the FLINT reports page from two entry points: - Navigate to **Reports** in the left-hand menu, then select **FLINTs** in the filter bar. -- From the **Threat Landscape** page, click **See more** on the *FLINT reports* widget. +- From the **Threat Landscape** page, click **See more** in the *FLINT Reports* widget. ## What you can do @@ -29,7 +29,7 @@ By default, reports open in **PDF view**. You can: - Zoom in and out to adjust readability. - Switch to **text view** using the toggle at the top of the report if you prefer plain text. -- Download the PDF to your machine. +- Download the PDF to your device. - Resize the report list panel on the left to give more space to the reading area. ### Explore linked intelligence From 9813fa8b3ad2e5d908707e746753634d2d140fc7 Mon Sep 17 00:00:00 2001 From: "Khaoula E." <49680698+ka0ula@users.noreply.github.com> Date: Mon, 8 Jun 2026 10:46:55 +0200 Subject: [PATCH 10/11] Rename OSINT Reports to External Reports Updated terminology from 'OSINT Reports' to 'External Reports' and enhanced descriptions for clarity. --- .../consume/{osint_reports.md => external_reports.md} | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) rename _shared_content/intelligence_center/consume/{osint_reports.md => external_reports.md} (76%) diff --git a/_shared_content/intelligence_center/consume/osint_reports.md b/_shared_content/intelligence_center/consume/external_reports.md similarity index 76% rename from _shared_content/intelligence_center/consume/osint_reports.md rename to _shared_content/intelligence_center/consume/external_reports.md index 54a2bd6aa9..59384310b4 100644 --- a/_shared_content/intelligence_center/consume/osint_reports.md +++ b/_shared_content/intelligence_center/consume/external_reports.md 
@@ -1,8 +1,8 @@ -# OSINT Reports +# External Reports -OSINT reports are publications from external sources, collected and made available directly in the platform. They cover ongoing campaigns, intrusion sets, attack techniques, and threat activity across sectors and geographies. +External Reports are publications from external sources, collected and modelled directly in the platform. They cover ongoing campaigns, intrusion sets, attack techniques, and threat activity across sectors and geographies. -They complement the TDR-produced [FLINT reports](flints.md) by bringing in third-party intelligence to broaden situational awareness. +They complement the TDR-produced [FLINT reports](flints.md) by incorporating third-party intelligence perspectives into the platform, helping analysts broaden their situational awareness and gain additional context on emerging threats. ## Overview 
@@ -10,11 +10,11 @@ The Reports page lets you browse and explore external threat intelligence collec Each report renders the original web publication directly in the platform. A text summary is available for most reports. Where available, reports are also linked to STIX objects and observables in the platform, allowing you to pivot from a report into your investigation workflows. -Sources are curated by the Sekoia team and include government CERTs, national cybersecurity agencies, security vendors, and independent research organizations. They publish in multiple languages and cover a broad spectrum of industries, threat actors, and attack techniques. +Sources are curated by the Sekoia team and include government CERTs, national cybersecurity agencies, security vendors, and independent research organizations. They publish in multiple languages and cover a broad spectrum of industries, threat actors, and attack techniques. ## How to access -Navigate to **Reports** in the left-hand menu. OSINT reports are listed alongside FLINTs and can be filtered independently using the filter bar. +Navigate to **Reports** in the left-hand menu. External Reports are listed alongside FLINTs and can be filtered independently using the filter bar. ## What you can do From 44c6a3e6b63631e4be28c5d46e8b702683ce6fab Mon Sep 17 00:00:00 2001 From: "Khaoula E." <49680698+ka0ula@users.noreply.github.com> Date: Mon, 8 Jun 2026 10:47:34 +0200 Subject: [PATCH 11/11] Rename OSINT Reports to External Reports --- mkdocs.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/mkdocs.yml b/mkdocs.yml index d4baafe6ab..d93dfb5834 100644 --- a/mkdocs.yml +++ b/mkdocs.yml 
@@ -96,7 +96,7 @@ nav: - Graph Explorations: cti/features/consume/graph_explorations.md - Reports: - FLINT Reports: cti/features/consume/flints.md - - OSINT Reports: cti/features/consume/osint_reports.md + - External Reports: cti/features/consume/external_reports.md - Export: cti/features/consume/export.md - IOCs Collections: cti/features/consume/ioccollections.md - Monitor:
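Review bot: In PATCH 01/11 (mkdocs.yml, hunk @@ -94,6 +94,9 @@) the two new nav entries point to cti/features/consume/flints.md and cti/features/consume/osint_reports.md, but PATCH 02/11 and 03/11 create the pages under _shared_content/intelligence_center/consume/, and no file under cti/features/consume/ is added anywhere in the series. If the wrapper pages at those nav paths do not already exist, add them in this series; otherwise say in the commit message where they come from, so the nav change can be checked on its own.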
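Review bot: In PATCH 02/11 (flints.md, new file) the "How to access" section lists two entry points without qualification, while the "Access by subscription" admonition says Defend users get the last 4 FLINT reports "via the Threat Landscape page". State in "How to access" which entry point applies to which subscription, or a Defend user will look for a **FLINTs** filter under **Reports** that the admonition implies they do not have.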
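Review bot: In PATCH 03/11 (osint_reports.md, new file) the note under "Read a report" says the text view "sometimes displays a summary", while the bullet just above it says the toggle is used "to read a summary of the publication" and the Overview says "A text summary is available for most reports". Reword the note so it says what the text view contains when it is not a summary, or drop "sometimes" so the three statements agree.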
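Review bot: The anchor added in PATCH 04/11 (flints.md, hunk @@ -1,6 +1,6 @@), #about-the-TDR-team, uses upper case and is only corrected to #about-the-tdr-team in PATCH 07/11, whose subject "Fix capitalization in FLINT reports description" does not mention that it repairs a link. Squash 07/11 into 04/11 so no commit in the series carries the mixed-case anchor.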
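Review bot: In PATCH 06/11 (osint_reports.md, hunk @@ -33,7 +33,7 @@) the new target [Feeds](feeds.md) assumes a feeds.md next to this page, but the only feed page visible in the nav context of PATCH 01/11 for that directory is cti/features/consume/manage_feeds.md. Confirm which page is meant and link to it by its actual file name; the commit message should also record why ../feeds.md and ./flints.md were wrong, since "Fix markdown links" does not say what was broken.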
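Review bot: PATCH 08/11 (flints.md, hunk @@ -8,7 +8,7 @@) changes "FLINTs are published over 50 times per year" to "New FLINTs are published every month", which is outside the stated scope ("Correct acronym expansion") and states a different publication rate; PATCH 09/11 then changes it again to "Over 50 FLINTs are published annually". Drop this line from 08/11 and make the wording change once, in 09/11, so the history does not contain contradictory figures.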
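Review bot: Capitalisation of the page name is left inconsistent by PATCH 09/11 (flints.md): the hunks at @@ -1,14 +1,14 @@ and @@ -19,7 +19,7 @@ introduce "FLINT Reports page" and the "*FLINT Reports* widget", but the unchanged context line in the second hunk still reads "You can reach the FLINT reports page from two entry points:". Update that line in the same commit, and decide whether the link text "[FLINT reports](flints.md)" in the external reports page should follow the same form.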
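Review bot: In PATCH 10/11 (external_reports.md, hunk @@ -1,8 +1,8 @@) the new opening sentence says External Reports are "collected and modelled directly in the platform", but the Overview kept as context in the next hunk says "Where available, reports are also linked to STIX objects and observables". Either keep "made available" in the opening sentence or qualify "modelled", so the page does not promise STIX modelling for every report. In the hunk at @@ -10,11 +10,11 @@ the removed and added "Sources are curated by the Sekoia team ..." lines read identically, so that change looks whitespace-only and can be left out of a rename commit.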