Operationalizing Structured Direction and Planning for Cyber Threat Intelligence: A Practical Implementation for the Brazilian Financial System
Pedro Gontijo, Robson Albuquerque, and João Gondim
Critical Infrastructures (CIs) increasingly rely on Cyber Threat Intelligence (CTI) to anticipate risks and enhance resilience against sophisticated attacks. However, the early phase of Direction and Planning (DP) remains underexplored, leading to informational noise and weak traceability between strategic intent and operational collection. This paper presents a practical implementation that operationalizes a structured DP method inside OpenCTI, a Threat Intelligence Platform (TIP). A Python-based classification engine was developed to apply lexical filters driven by Priority Intelligence Requirements (PIRs) across STIX objects, automatically labeling and reducing large-scale datasets into sector-specific intelligence. From an initial baseline of over 147,000 STIX Domain Objects, the automated pipeline reduced the dataset to 415 items, corresponding to an approximate 99.7% reduction in volume and yielding significant gains in focus, noise mitigation, and regulatory alignment. The proposed approach serves as a replicable, TIP-native proof of concept that connects strategic direction to concrete collection actions and can be adapted to other Brazilian critical sectors beyond the financial domain.
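A minimal sketch of the PIR-driven lexical filtering and labeling the abstract describes, added here as an illustration and not the authors' classification engine. The PIR identifiers, term lists, `pir:` label prefix and sample STIX objects are constructed assumptions, and the code works on plain STIX dictionaries rather than through the OpenCTI API.

```python
import re

# Hypothetical PIRs: identifiers and lexical terms are constructed for this example.
PIRS = {
    "pir-01-payment-fraud": ["pix", "boleto", "banking trojan"],
    "pir-02-sector-targeting": ["brazilian bank", "financial institution"],
}

# Text-bearing STIX 2.1 properties searched by the filter.
TEXT_FIELDS = ("name", "description")


def compile_pirs(pirs):
    """Build one case-insensitive regex per PIR; terms must match as whole words."""
    compiled = {}
    for pir_id, terms in pirs.items():
        alternation = "|".join(re.escape(t) for t in terms)
        compiled[pir_id] = re.compile(r"(?<!\w)(?:%s)(?!\w)" % alternation, re.IGNORECASE)
    return compiled


def classify(objects, pirs):
    """Return only objects matching at least one PIR, each labelled with the PIR ids."""
    compiled = compile_pirs(pirs)
    kept = []
    for obj in objects:
        text = " ".join(str(obj.get(f, "")) for f in TEXT_FIELDS)
        hits = sorted(p for p, rx in compiled.items() if rx.search(text))
        if hits:
            labelled = dict(obj)  # copy so the source feed is left unmodified
            labelled["labels"] = sorted(set(obj.get("labels", [])) | {f"pir:{h}" for h in hits})
            kept.append(labelled)
    return kept


def reduction(before, after):
    """Fraction of the dataset removed by filtering."""
    return 1 - after / before if before else 0.0


# Constructed sample SDOs (not data from the paper).
SAMPLE = [
    {"type": "malware", "id": "malware--00000000-0000-4000-8000-000000000001",
     "name": "ExampleStealer", "description": "Banking trojan that hijacks PIX transfers."},
    {"type": "report", "id": "report--00000000-0000-4000-8000-000000000002",
     "name": "Campaign against a Brazilian bank", "labels": ["osint"]},
    {"type": "intrusion-set", "id": "intrusion-set--00000000-0000-4000-8000-000000000003",
     "name": "Example Pixel Group", "description": "Targets gaming studios."},
]
```

The whole-word match keeps the term "pix" from firing on "Pixel", the kind of false positive that would otherwise put noise back into the filtered set.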