Skip to main content
Download the Buyer’s Guide for Cyber Risk Quantification Solutions
Download Guide
Request a Demo

CAL™ ATL: Collecting and Analyzing Open Source Intel Faster and Easier

CTI analysts encounter numerous challenges in handling the constant influx of data from various unstructured open-source intel (OSINT) sources, such as reports and blogs, news sites, and other websites. ThreatConnect’s CAL Automated Threat Library (ATL) efficiently distills over 60 definitive OSINT sources into a structured and ready-to-use threat intel feed.

CAL: Real-Time Insights and Global Intelligence

In our last blog, we explored the source of power – the brain, if you will – of ThreatConnect’s TI Ops Platform—ThreatConnect CAL. CAL is a comprehensive solution from ThreatConnect, utilizing AI and ML-powered analytics to offer real-time insights and context into threats and their behaviors. This includes automated ATT&CK analysis, unique feeds specific to ThreatConnect, and the collective intelligence shared among ThreatConnect users.

With a little grounding in CAL’s overall scope and power, let’s now focus on the Automated Threat Library (ATL) within CAL. 

CAL ATL: Simplifying OSINT Handling

The Automated Threat Library (ATL) plays a crucial role in simplifying the handling of unstructured OSINT. By distilling information from diverse sources into a structured format, CAL ATL automates the heavy lifting required by analysts. This saves valuable time and enhances the efficiency of threat intelligence operations.

Once identified by ATL, IOCs are seamlessly integrated and enriched with relevant information, such as Classifiers, MITRE ATT&CK tactics and techniques, and Domain Generation Algorithms discovered through Machine Learning. ThreatAssess scores and Classifiers further aid teams in focusing on the most critical intelligence.

Easy to Read and Digest

All of CAL ATL is assembled in one feed that is easy to search and consume. CAL ATL automatically tags intelligence with known aliases for mentioned groups, such as threat actors, malware, etc. CAL ATL users can also select CAL Alias Information or combine group nodes by alias to provide a better understanding of which objects are related to a given Group. This saves time for analysts so they don’t have to manually deduplicate all the threat actor group names.

AI Insights: Elevating Report Understanding

CAL ATL provides an AI-Generated summary card prominently displayed at the top of the Report Group’s overview page. This summary consists of brief, easy-to-read bullet points, providing users with a high-level understanding of the report’s contents. This empowers users to efficiently decide whether a report warrants further attention or analysis, optimizing their workflow and ensuring a more focused and informed approach to threat intelligence.

Strategic Intelligence Source

CAL ATL is a strategic intelligence source. By incorporating an organization’s intel requirements in the TI Ops Platform’s Intelligence Requirements feature, analysts can quickly provide intel to help decision-makers answer critical questions and stay informed about emerging threats. The structured threat intel feed allows for efficient communication and informed strategies.

Benefits of CAL ATL

The practical approach of CAL ATL offers a robust, accurate, and actionable solution to the challenges of handling high volumes and varieties of OSINT. By staying abreast of the latest threats, improving analyst operational efficiency, and facilitating faster, informed decision-making, CAL ATL becomes an essential tool in the cybersecurity arsenal.

For more details, please tour the ThreatConnect TI Ops and reach out to or request a demo to learn more about how ThreatConnect can help you operationalize your threat intel program.

About the Author

Dan McCorriston

Dan McCorriston is a Senior Product Marketing Manager for ThreatConnect. He is passionate about technology, collaborating with developers, identity, and cybersecurity. Out of the office, he likes to hike, cook and spend time with his family.