Your questions, answered continuously.
Intelligence Requirements are the questions your organisation needs answered about threats. Liberty91 turns each one into a tireless agent that evaluates every new event in your context — 24/7, on tap.
Start Free TrialWhat is an Intelligence Requirement?
An Intelligence Requirement is a specific, answerable question about threats that matters to your organisation. It is the foundation of Cyber Threat Intelligence tradecraft — the instruction that directs every other step of the intelligence lifecycle.
A good requirement looks like: “What threat actors are actively targeting financial services in the Gulf region, and what initial compromise techniques are they using?” A weak one looks like: “Keep us updated on threats.”
CTI practitioners also use the term Priority Intelligence Requirement (PIR). It is the same concept — an Intelligence Requirement that has been prioritised. On Liberty91 you define the requirements; the platform handles prioritisation continuously, based on what is moving in the real world against your profile. That is why we just call them Intelligence Requirements.
Three types of Intelligence Requirements.
Most organisations need all three. Liberty91 runs them in parallel and correlates across them automatically.
Threats to you
Monitoring the technologies your organisation deploys — the servers, platforms, and software in your stack. CVEs, exploits, patch advisories, and active campaigns targeting versions you run. Mapped directly to the hosts and assets you care about.
Threats from adversaries
Named threat actors, ransomware groups, sectors under active targeting, and the TTPs that matter for your region and vertical. Every new piece of reporting on the actors you're watching is analysed against your profile and turned into actionable output.
Concerns specific to your organisation
VIP exposure, impersonation of your brand, leaked credentials, M&A chatter, and compromise of the suppliers you depend on. The requirements that are uniquely yours — the ones a generic threat feed will never surface.
How the agents work a requirement.
Each Intelligence Requirement becomes its own agent inside your dedicated stack. The agent maintains a self-updating knowledge base — everything it has already processed that is relevant to the requirement, ready to be drawn on for the next event.
When new reporting lands, the agents collaborate. An event that touches two requirements — a vulnerability in a technology you run that is also a supplier you depend on — gets analysed against both, with the right framing for each audience.
The output of the agent stack feeds everything else: the daily morning report, RFI responses, Sigma detection rules for the SOC, remediation steps for operators, and board-ready briefs for executives.
Why this beats running CTI manually.
Configurable, not scripted
Add, remove, or retune requirements without code or a rules engine. Describe what you care about in plain language; the agent stack reorganises around it.
Collaborative agents
An event relevant to two requirements gets dual-context analysis automatically. A CVE in a supplier's stack surfaces under both the supplier requirement and the tech-stack requirement, with the right framing for each.
Self-updating knowledge
Each requirement's knowledge base refreshes on every relevant event. The agent doesn't start from scratch on Monday; it builds on everything it has already processed.
One requirement, many products
The same Intelligence Requirement produces a board-ready summary, SOC-ready IOCs and Sigma rules, an analyst briefing, and a stakeholder-facing report. Generated on demand, for the audience you pick.
Built for every role that consumes intelligence.
Intelligence Requirements look the same under the hood, but the outputs differ by audience.
Frequently Asked Questions.
Ready to do more with less?
Request a demo or start your free trial today. Get instant access to AI-powered threat intelligence tailored to your organisation.