Until now the Intelligence Center feeds the Operation Center with data, but the opposite never happens. The Operation Center holds a lot of events that could give valuable information to the user. Adding telemetry capabilities to the Intelligence Center is a first step in benefiting from the data inside the Operation Center.
We will start with observable telemetry, so the observable details in the Intelligence Center should display:
We should also be able to filter to get:
The seen observables are also a great opportunity to avoid false positives.
An observable that has been seen multiple times could be a dangerous indicator.
To avoid this kind of mistake, a new warning rule would help analysts detect possible false positives.
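The telemetry, filtering and warning rule described above, as an added example (not the product's own code): it derives per-observable sightings from a constructed list of Operation Center events, filters observables by seen/unseen, and flags observables whose sighting count or number of distinct assets exceeds assumed thresholds as candidate false positives. The event fields (`observable`, `timestamp`, `asset`) and the thresholds are assumptions, not the real schema.

```python
"""Observable telemetry derived from Operation Center events.

Added example; the event shape and the warning-rule thresholds are assumptions.
"""

# Constructed sample: observables held in the Intelligence Center.
OBSERVABLES = [
    {"value": "203.0.113.10", "type": "ipv4-addr"},
    {"value": "8.8.8.8", "type": "ipv4-addr"},
    {"value": "evil.example", "type": "domain-name"},
    {"value": "198.51.100.77", "type": "ipv4-addr"},
]

# Constructed sample: Operation Center events that matched an observable.
EVENTS = [
    {"observable": "203.0.113.10", "timestamp": "2024-03-01T08:00:00Z", "asset": "host-01"},
    {"observable": "203.0.113.10", "timestamp": "2024-03-02T09:30:00Z", "asset": "host-01"},
]
# A public resolver matched on many days across several assets (constructed).
EVENTS += [
    {"observable": "8.8.8.8", "timestamp": f"2024-03-{day:02d}T12:00:00Z", "asset": f"host-{day % 5:02d}"}
    for day in range(1, 13)
]


def sightings(events):
    """Telemetry per observable: sighting count, first/last seen, distinct assets.

    Timestamps are ISO 8601 in UTC, so string comparison orders them correctly.
    """
    stats = {}
    for ev in events:
        s = stats.setdefault(
            ev["observable"],
            {"count": 0, "first_seen": None, "last_seen": None, "assets": set()},
        )
        s["count"] += 1
        ts = ev["timestamp"]
        if s["first_seen"] is None or ts < s["first_seen"]:
            s["first_seen"] = ts
        if s["last_seen"] is None or ts > s["last_seen"]:
            s["last_seen"] = ts
        s["assets"].add(ev["asset"])
    return stats


def filter_observables(observables, events, seen=True):
    """Return observable values that have (seen=True) or have not (seen=False) been sighted."""
    stats = sightings(events)
    return [o["value"] for o in observables if (o["value"] in stats) == seen]


def false_positive_warnings(observables, events, max_count=10, max_assets=3):
    """Warning rule (assumed thresholds): an observable sighted very often, or on
    many distinct assets, is more likely benign infrastructure than a reliable
    indicator, so it is flagged for analyst review rather than trusted blindly.
    """
    stats = sightings(events)
    warnings = []
    for o in observables:
        s = stats.get(o["value"])
        if s is None:
            continue  # never seen: nothing to warn about
        reasons = []
        if s["count"] > max_count:
            reasons.append(f"seen {s['count']} times (more than {max_count})")
        if len(s["assets"]) > max_assets:
            reasons.append(f"seen on {len(s['assets'])} assets (more than {max_assets})")
        if reasons:
            warnings.append({"value": o["value"], "type": o["type"], "reasons": reasons})
    return warnings


if __name__ == "__main__":
    for value, s in sightings(EVENTS).items():
        print(value, s["count"], s["first_seen"], s["last_seen"], sorted(s["assets"]))
    print("unseen:", filter_observables(OBSERVABLES, EVENTS, seen=False))
    for w in false_positive_warnings(OBSERVABLES, EVENTS):
        print("WARNING", w["value"], "; ".join(w["reasons"]))
```

The thresholds are deliberately parameters: a warning rule that is too aggressive hides real indicators, so analysts should tune them per data source rather than hard-code them.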