The key factor that enables a structured and automated process for investigating attacks, processing intelligence, and integrating it with internal controls is Workflow.
In a Threat Intelligence Platform (TIP), the workflow defines a structured sequence of steps or processes that analysts follow to collect, process, analyze, and act on intelligence data. It ensures that:
Intelligence is processed consistently and efficiently.
Alerts, investigations, and responses follow predefined automation rules.
Internal controls are linked with threat feeds for faster detection and mitigation.
A well-designed workflow also supports investigation automation, report generation, and integration with other security systems such as SIEM, SOAR, and EDR tools.
Why the Other Options Are Incorrect:
A. Scoring: Refers to prioritizing or rating intelligence based on risk or severity but does not automate investigations.
B. Search: Involves querying the intelligence database for specific data but lacks structured investigation processes.
D. Open: Indicates an open architecture or API support, not workflow automation or process structuring.
Conclusion:
The correct factor that ensures structured, automated investigations in a Threat Intelligence Platform is Workflow.
Final Answer: C. Workflow
Explanation Reference (Based on CTIA Study Concepts):
CTIA defines workflow as a key element in threat intelligence platforms that organizes and automates intelligence-driven investigations across multiple security controls.
