ThreatSpire logoThreatSpire

Platform · Intelligence Requirements

Your intelligence questions, answered as the evidence arrives.

Turn your standing Priority Intelligence Requirements into living, tracked items. ThreatSpire links each one to the adversaries that bear on it and drafts a grounded assessment the moment new evidence lands — so requirements move toward answered instead of gathering dust in a spreadsheet.

Back to platform

threatspire / requirements / PIR-004

SIGNAL DETECTEDSOCExec

Are we at risk from SILVERSCALE-117's latest phishing tactics?

SILVERSCALE-117T1566.001Initial Access

Auto-drafted assessment

2 sources cited

New reporting from vendor-x confirms SILVERSCALE-117 has shifted to weaponized ISO attachments in phishing campaigns targeting Nordic logistics. This aligns with T1566.001 and matches observed telemetry from our sector in the past 14 days.

Analyst-reviewed
Linked evidence

Phishing campaign targeting Nordic logistics — weaponized ISO attachments observed.

vendor-x

Internal telemetry: 3 users in logistics division received ISO-lure emails in past 14d.

internal

The problem

PIRs go in a doc and quietly die there.

Teams write down their priority questions once, then manually chase answers across feeds and inboxes. Requirements never get formally closed, no one notices when new reporting actually answers one, and leadership's questions outlive the analyst who wrote them. The intent is there — the follow-through isn't.

Pain

Requirements go unanswered

PIRs are created, filed, and forgotten. No one tracks when new evidence actually answers them.

Cost

Analyst time spent chasing

Hours per week manually scanning feeds to see if anything relevant landed for a standing question.

How it works

From static question to living answer.

  1. 01

    Define

    Capture your org's standing questions as structured requirements, each tagged to the stakeholders who need them.

  2. 02

    Ground

    Anchor every requirement to your org context — your sector, assets, and what 'relevant' actually means for you.

  3. 03

    Link

    Connect each requirement to the adversaries and activity that bear on it, drawing from their evidence timelines.

  4. 04

    Answer

    As new, relevant evidence arrives, ThreatSpire drafts a grounded assessment and advances the requirement's state automatically.

What you get

What the platform gives you.

Signal-driven tracking

Requirements aren't static. Each one watches for relevant evidence and updates its status as new signal arrives, so you see movement instead of a frozen list.

Grounded AI drafts

When evidence lands, ThreatSpire drafts an assessment built from the cited sources — assistive and analyst-reviewed, never hallucinated.

Actor linkage

Every requirement connects to the relevant adversaries and their source-linked timelines, so the answer and its evidence sit together.

Org-context relevance

Incoming reporting is judged against your environment, not a generic feed — only what actually matters to your org surfaces against a requirement.

Source & audience control

Per-requirement source-tier allowlists decide which reporting can feed an answer, and stakeholder tags route each requirement to the people who asked.

Why it's different

Three ideas the rest of the market keeps getting wrong.

From static questions to living answers.

Requirements stop being a to-do list and start resolving themselves as the evidence comes in. Status changes, drafts appear, and stakeholders get notified — without anyone manually updating a spreadsheet.

Grounded, not generated.

Every draft is anchored to cited sources and left under analyst control — assistance you can defend, not a black box. If it can't be traced to a report, it doesn't appear in the assessment.

Tuned to your org.

Org-context grounding and source control mean relevance is defined by your environment, so analysts aren't drowning in noise. What matters to a healthcare SOC isn't the same as what matters to a finance team.

Closing the loop

PIRs that track themselvesDrafts grounded in cited sourcesLinked to actors & evidenceScoped to your org context

Requirements connect your standing questions to the actor profiles, evidence, and priority questions across ThreatSpire.

Stop chasing your intelligence requirements.

Bring your PIRs — we'll show you how ThreatSpire keeps them moving.