Rendered Documentation
This page renders the module's Markdown and Mermaid directly from the public documentation source.
Overview
SACTI Sighting Aggregation provides a specialised workflow for collecting, consolidating, and reviewing cyber threat intelligence sightings and related indicators. The module helps teams track total sightings, count unique indicators, and monitor average confidence so they can turn fragmented reports into a more coherent view of indicator relevance and prevalence.
Key Features
- Sighting Aggregation - Combines multiple indicator sightings into a single operational view
- Unique Indicator Tracking - Shows how many distinct indicators are represented across the collected sightings
- Confidence Monitoring - Surfaces average confidence to help analysts judge the strength of the aggregated sighting picture
- Indicator-Centric Workflow - Keeps the focus on operational indicator handling rather than generic reporting or static lists
- Threat-Intelligence Support - Fits naturally into threat-intelligence and cyber-response operations
Use Cases
- Indicator Validation - Threat-intelligence teams compare repeated sightings to determine whether an indicator deserves elevation or wider distribution
- Crowdsourced Reporting Consolidation - Organisations aggregate incoming sighting reports from multiple internal or partner sources into a single view
- Confidence-Based Prioritisation - Analysts use aggregate confidence to prioritise which indicators merit deeper investigation or defensive action
- Threat Trend Monitoring - Teams monitor whether the same indicator family is appearing repeatedly across the reporting base
Integration
- Threat-intelligence indicator workflows
- Sighting submission and review processes
- Cyber and CERT workbenches
- Indicator enrichment and dissemination pipelines
Last Reviewed: 2026-03-25