Cyber Underground Handbook: Outsmart Cybercriminals | Intel471 Skip to content

Cyber Underground Handbook

Intel 471 General Intelligence Requirements (GIR) Framework

Homepage Hero
GIR handbook updated

How Your Team Benefits

This handbook is a baseline tool to assist security professionals and teams in organizing, prioritizing, and producing cyber underground intelligence.

  • Drive Decisions and Operations: Map your Primary Intelligence Requirements (PIRs) to our GIRs to streamline and prioritize your collection needs, ensuring that you are collecting actionable intelligence.
  • Structure a Pedigree Plan: We provide the essential elements information (EEIs) for needed to meet each GIR, use cases, lists of frequently asked questions, and an intelligence planning workbook with templates and samples used by our team to help you create a robust intelligence collection plan that meets stakeholder needs.
  • Measure Success: Use GIRs as a baseline tool to track progress against PIRs and return of investment overtime. Readily communicate these to company leadership.
Screenshots GIR

How it Works With the TITAN Platform

TITAN delivers structured technical and non-technical data and intelligence that is continually updated by our global team and automated processes. Intelligence is mapped to Intel 471's Criminal Underground General Intelligence Requirements (CU-GIR) framework and is driven by your Prioritized Intelligence Requirements (PIRs).

  • Customer PIRs are mapped to our GIRs to structure our intelligence collection to ensure our products drive decisions and operations for our stakeholders.
  • Each report in TITAN is tagged with corresponding GIRs allowing customers to easily search for and filter results to find intelligence relevant to their organization.
  • Customers can set watchers for GIRs to receive timely alerts to relevant intelligence so that they can swiftly.
  • Customers can measure performance by quantifying ROI through the GIRs covered.

How Does Intel 471 Use the Cyber Underground Handbook?

Intel 471 shapes its intelligence collection focus and production based largely on GIRs prioritized by customers. Using the CU-GIRH, each customer identifies and ranks a selection of GIRs which Intel 471 employs as guidance for daily intelligence collection, reporting, and success measurement.

Primary users of the CU-GIRH and the corresponding planning workbook are cyber threat intelligence (CTI) planners, analysts, researchers, and collection managers.

  • An analyst or researcher can use this as a hip-pocket reference for spotting ad-hoc collection opportunities in the underground.
  • An intelligence planner can use this as a guide to support the development and tracking of intelligence requirements and measuring the intelligence team’s return on investment over time.
Adobe Stock 172017867

Intelligence Planning Assets

Getting Started with the CU-GIRH

3 minutes

Selection PIRs for your Stakeholders

6 minutes

Getting to Know Your Collection Guidance

3 minutes

Preparing Your Collection Plan

5 minutes

Intelligence Planning Events

Attend our Next Workshop

Are you an intelligence practitioner or stakeholder looking to gain hands-on experience building or enhancing your organization’s intelligence plan? Join us for an exclusive training for building a successful intelligence program by offering our secret sauce used to safeguard organizations worldwide.

"The material was great, the delivery was great, the exercises were really useful to learn the resources. Really looking forward to applying the information and resources to starting a legit CTI program at my company."

Anonymous - Webhosting company

"Highly detailed and well thought out workshop."

Eric P. - InfraGard Houston

"Excellent session! will definitely be using it to refine some of our existing program."

Anonymous - A leading global information technology solution provider

"Lots of helpful information and great templates to get more mature."

Ryan K. - A critical infrastructure services organization

"This workshop is perfect for any new CTI practitioners or new CTI Directors."


"Intel 471 has demonstrated to us that they are on top of the events observed in the cyber underground. They have differentiated themselves from the competition by their superior intelligence curation in the shape of "spot reports" that only focuses on the "meat" of cyber threat intelligence."

Jurgen Visser, Head of Cyber Threat Intelligence, Gojek

©Intel 471, Inc. Licensed under CC-BY-NC-ND 4.0, available at