Weekly Threat Advisories

A weekly briefing your SOC will actually open

Every Monday, a weekly operational briefing distilled from the full indicator catalogue: which adversaries moved this week, which CVEs are being weaponised, which MITRE techniques shifted in pressure, and exactly what your SOC should do about it.

// At a glance
30+ editions published
Weekly cadence
Multi-million IOCs in archive
Thousands of adversaries in scope

Each edition supports three reading paths — five-minute executive skim, twenty-minute analyst read, forty-minute deep dive.

Publication day: Monday

// Why an operational briefing matters

The gap between threat report and threat action

Most threat reports describe what already happened. They are useful as historical record and as input to long-range planning. They are not useful at 09:00 on Monday morning when the SOC needs to know which three campaigns moved this week and what to do about them. The weekly advisory was built for that Monday-morning conversation.

Three reading paths support three different audiences in the same document. The executive can skim the headline summary, the “This Week in Numbers” panel, and the top-10 adversary chart in five minutes — long enough to know what to ask the SOC lead about, short enough to fit between meetings. The analyst can spend twenty minutes adding the featured adversary profiles, the MITRE technique pressure dashboard, and the “How to Operationalise” section — long enough to leave with a concrete action checklist. The hunter or detection engineer can spend forty minutes on the full document including indicator tables and detection logic — long enough to walk away with a complete operational dataset.

Same advisory. Same data. Different depths. The reader picks.

// Three reading paths

You pick the depth

5 min

Executive Skim

Headline summary, “This Week in Numbers” panel, top-10 adversary chart. You leave knowing the three campaigns that matter and the one vulnerability your patch team should accelerate.

20 min

Analyst Read

Add the featured adversary profiles, the MITRE ATT&CK pressure dashboard, and “How to Operationalise”. You leave with named adversaries, mapped techniques, and a concrete action checklist.

40 min

Deep Dive

Read every section including the indicator tables and detection logic. You leave with a full operational dataset ready to ingest into your SIEM, EDR, NDR, or SOAR.

// Inside every edition

Structure that repeats so comparison across weeks is easy

Adversary movement

Which actors gained or lost infrastructure this week, scored against the prior four weeks. Trending charts show acceleration, not just point-in-time presence.

CVE weaponisation

Vulnerabilities transitioning from disclosure to active exploitation, with affected products and patch priority informed by field signal rather than CVSS alone.

MITRE technique deltas

Heat-map of tactic pressure: which techniques saw the largest IOC volume change this week. The signal you need to weight detection investment toward.

Featured adversary profile

A deep-dive on one named adversary — TTPs, geography, target industries, infrastructure overlap, and operational recommendations.

Indicator tables

High-confidence indicators tagged with feed provenance, first-seen, last-seen, and severity. Ready for direct SIEM ingest.

Detection logic

Pseudo-rules and queries you can adapt to your detection stack on Monday morning. Includes MITRE technique mapping and false-positive considerations.
