44 changes: 44 additions & 0 deletions _shared_content/intelligence_center/consume/external_reports.md
@@ -0,0 +1,44 @@
# External Reports

External Reports are publications from external sources, collected and modelled directly in the platform. They cover ongoing campaigns, intrusion sets, attack techniques, and threat activity across sectors and geographies.

They complement the TDR-produced [FLINT reports](flints.md) by incorporating third-party intelligence perspectives into the platform, helping analysts broaden their situational awareness and gain additional context on emerging threats.

## Overview

The Reports page lets you browse and explore external threat intelligence collected from curated sources. Sources are selected for their reliability and cover a wide range of industries, threat types, and languages.

Each report renders the original web publication directly in the platform. A text summary is available for most reports. Where available, reports are also linked to STIX objects and observables in the platform, allowing you to pivot from a report into your investigation workflows.

Sources are curated by the Sekoia team and include government CERTs, national cybersecurity agencies, security vendors, and independent research organizations. They publish in multiple languages and cover a broad spectrum of industries, threat actors, and attack techniques.

## How to access

Navigate to **Reports** in the left-hand menu. External Reports are listed alongside FLINTs and can be filtered independently using the filter bar.

## What you can do

### Read a report

Reports open in **PDF view** by default, rendering the original source article. You can:

- Zoom in and out to adjust readability.
- Switch to **text view** using the toggle at the top of the report to read a summary of the publication.
- Resize the report list panel on the left to give more space to the reading area.

!!! note
The text view sometimes displays a summary, not a full transcription of the original article. Not all reports have a text version available.

### Filter reports using Feeds

You can scope the reports list to a specific feed to focus on the threat intelligence most relevant to your environment or use case. Select a feed from the filter bar at the top of the reports list to apply it.

Feeds can be configured to filter by source, sector, geography, and more. See [Feeds](feeds.md) for instructions on how to create and configure a feed.

### Explore linked intelligence

Where applicable, reports are linked to STIX objects in the platform. From a report, you can:

- Click any **object or observable** in the report body to open its detail page.
- Click the **report title** to open the full Report detail page, listing all STIX objects and observables associated with that report.
- Open the **graph exploration** view to visualize relationships between the report's objects.
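
Review bot: The `!!! note` under "Read a report" says the text view "sometimes displays a summary", but the bullet just above it says the toggle is there "to read a summary of the publication", and the Overview says "A text summary is available for most reports". Settle on one description of what the text view contains and use it in all three places. Two smaller points: `[Feeds](feeds.md)` should be checked against the nav, since the only feeds page visible in the mkdocs.yml context of this change is `manage_feeds.md`; and the Overview describes source curation and coverage twice (second and fourth paragraphs), which could be merged into one.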
47 changes: 47 additions & 0 deletions _shared_content/intelligence_center/consume/flints.md
@@ -0,0 +1,47 @@
# FLINT Reports

FLINT (FLash INTelligence) Reports are threat intelligence publications produced by the [Sekoia TDR team](#about-the-tdr-team). They cover ongoing campaigns, active intrusion sets, distributed malware, and more, from both technical and strategic perspectives.

FLINTs directly feed the indicators, objects, and context available across the platform.

## Overview

The FLINT Reports page enables you to read, browse, and explore intelligence publications produced by TDR analysts. Reports are available in both PDF and text format and are linked to relevant STIX objects and observables within the platform. This allows you to directly pivot from a report into your investigation workflows.

Over 50 FLINTs are published annually. The number of reports available to you depends on your subscription.

!!! info "Access by subscription"
- **Defend**: Access to the last 4 FLINT reports via the Threat Landscape page.
- **Intelligence**: Access to the full archive.

## How to access

You can reach the FLINT reports page from two entry points:

- Navigate to **Reports** in the left-hand menu, then select **FLINTs** in the filter bar.
- From the **Threat Landscape** page, click **See more** in the *FLINT Reports* widget.

## What you can do

### Read a report

By default, reports open in **PDF view**. You can:

- Zoom in and out to adjust readability.
- Switch to **text view** using the toggle at the top of the report if you prefer plain text.
- Download the PDF to your device.
- Resize the report list panel on the left to give more space to the reading area.

### Explore linked intelligence

Each FLINT is modelled in STIX and linked to objects in the platform. From a report, you can:

- Click any **object or observable** in the report body to open its detail page.
- Click the **report title** to open the full Report detail page, listing all STIX objects and observables associated with that report.
- Open the **graph exploration** view to visualize relationships between the report's objects.

## About the TDR team

FLINTs are produced by the Threat Detection & Research (TDR) team, Sekoia's internal threat intelligence and detection engineering unit. TDR analysts cover four areas of expertise: strategic analysis, threat tracking, detection engineering, and reverse engineering.

[Read TDR research on the Sekoia blog](https://blog.sekoia.io/category/threat-research/)
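
Review bot: In the "Access by subscription" admonition, Defend access is described as "via the Threat Landscape page", while "How to access" lists **Reports** > **FLINTs** as an entry point with no subscription qualifier. State whether Defend users can reach FLINTs through the Reports menu or only through the *FLINT Reports* widget, so the two sections agree. It would also help to say in "Read a report" whether the text view here is the full report text, since the Overview only says reports are available in "both PDF and text format".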
3 changes: 3 additions & 0 deletions mkdocs.yml
@@ -94,6 +94,9 @@ nav:
- Manage feeds: cti/features/consume/manage_feeds.md
- Create a detection rule from a feed: cti/features/consume/create_detection_rule_from_feed.md
- Graph Explorations: cti/features/consume/graph_explorations.md
- Reports:
- FLINT Reports: cti/features/consume/flints.md
- External Reports: cti/features/consume/external_reports.md
- Export: cti/features/consume/export.md
- IOCs Collections: cti/features/consume/ioccollections.md
- Monitor:
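
Review bot: The two new nav entries point at `cti/features/consume/flints.md` and `cti/features/consume/external_reports.md`, but this change adds the pages under `_shared_content/intelligence_center/consume/` and no file under `cti/features/consume/`. If those paths are generated from `_shared_content` by an include or link step (an assumption, based on the neighbouring entries using the same prefix), confirm that step covers the two new files; otherwise the nav entries will not resolve.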