Member Organizations should establish the delivery mechanism of the threat intelligence produced, which includes, but is not limited to:
Cyber threat bulletins including cyber threat information that may be useful for the organizations
Simple alerts sent out by phone, text, or email
Detailed reports enriched with analysis, tables, numbers, graphics, and multimedia
Machine-readable data feeds based on a proprietary or open standard structured threat intelligence notation, for Security Information and Event Management (SIEM), anti-virus software, firewalls, intrusion prevention systems (IPS), intrusion detection systems (IDS) and forensic tools
Custom-designed output for in-house systems
Application Programming Interfaces (APIs) enabling direct system connection for the purposes of intelligence query or retrieval
Secure online portals providing on-demand access to an up-to-date threat intelligence database and a range of analytical functions, from simple queries to more complex data mining