II.
Workflow JSON
Structured · live · workflow:threat-intelligence-feed-review
Threat Intelligence Feed Review json
Inspect the normalized record payload exactly as the atlas UI reads it.
{
"id": "workflow:threat-intelligence-feed-review",
"_kind": "Workflow",
"_file": "workflows/workflows/workflows-cyber-risk.yaml",
"_cluster": "workflows",
"attributes": {
"displayName": "Threat Intelligence Feed Review",
"workflowKind": "operational",
"triggerType": "scheduled",
"typicalCadence": "weekly",
"complexity": "single-team",
"description": "Evaluates and tunes threat intelligence sources and\nindicator-of-compromise feeds -- reviewing feed quality metrics\nincluding true-positive rate, timeliness, and relevance to the\norganization's threat landscape; deduplicating and normalizing IOCs\nacross commercial, open-source, and ISAC feeds; tuning detection\nrules and SIEM correlation logic based on feed performance; retiring\nstale or low-fidelity indicators that generate false positives;\nassessing coverage gaps against MITRE ATT&CK techniques relevant to\nthe organization; and evaluating emerging threat intelligence vendors.\nProduces a feed quality scorecard, tuning recommendations, and a coverage\ngap report. Excludes incident response and threat hunting.\n"
},
"outgoingEdges": [
{
"from": "workflow:threat-intelligence-feed-review",
"to": "role:security-risk-analyst",
"kind": "involves_role",
"attributes": {}
},
{
"from": "workflow:threat-intelligence-feed-review",
"to": "role:security-reviewer",
"kind": "involves_role",
"attributes": {}
},
{
"from": "workflow:threat-intelligence-feed-review",
"to": "skill-area:incident-response",
"kind": "requires_skill_area",
"attributes": {}
},
{
"from": "workflow:threat-intelligence-feed-review",
"to": "skill-area:threat-modeling",
"kind": "requires_skill_area",
"attributes": {}
},
{
"from": "workflow:threat-intelligence-feed-review",
"to": "domain:cybersecurity-grc",
"kind": "applies_to_domain",
"attributes": {}
},
{
"from": "workflow:threat-intelligence-feed-review",
"to": "domain:security",
"kind": "applies_to_domain",
"attributes": {}
},
{
"from": "workflow:threat-intelligence-feed-review",
"to": "responsibility:run-security-scans",
"kind": "triggers_responsibility",
"attributes": {}
},
{
"from": "workflow:threat-intelligence-feed-review",
"to": "responsibility:threat-modeling",
"kind": "triggers_responsibility",
"attributes": {}
},
{
"from": "workflow:threat-intelligence-feed-review",
"to": "org-unit:security-team",
"kind": "performed_by_org_unit",
"attributes": {}
},
{
"from": "workflow:threat-intelligence-feed-review",
"to": "org-unit:application-security-team",
"kind": "performed_by_org_unit",
"attributes": {}
}
],
"incomingEdges": [
{
"from": "stack-profile:siem-platform",
"to": "workflow:threat-intelligence-feed-review",
"kind": "follows_workflow"
}
]
}