Skip to main content
Custom print
Download Original PDF

Annex F. Intelligence Standard Operating Procedures

No: 43065348 Date(g): 27/2/2022 | Date(h): 26/7/1443

Effective from Feb 27 2022 - Feb 26 2022
To view other versions open the versions tab on the right

Below are listed some examples of how SOPs should help users when performing specific kind of threat intelligence. 
 
When performing deep and dark web intelligence, the step-by-step instructions should help users in identifying all the elements needed to properly conduct it, including but not limited to: 
 
 
  •  
Using a controlled isolated and untraceable environment such as a Virtual Machine (VM)
 
 
  •  
Update and collect a list of deep web and dark web forums and marketplaces
 
 
  •  
Create various avatars for access
 
Similarly, when performing Social Media Intelligence (SOCMINT), the step-by-step instructions should help in identifying all the elements needed to properly conduct it, for example: 
 
 
  •  
Providing users with a list of different types of sources and continuously updating this list (e.g. Blogs, microblogs, social networks, images, video, and discussion forums)
 
 
  •  
Conduct training on Social network and online video hosting and sharing platform (e.g. Twitter, Facebook, YouTube etc.)
 
 
  •  
Using social media tools when possible (commercial and open-source)
 
In the same way, when performing human intelligence (HUMINT), the step-by-step instructions should help users in identifying all the elements needed to properly conduct it, including but not limited to: 
 
 
  •  
Conduct ethics training for analysts performing active engagements online
 
 
  •  
Implement SOPs related to forum and marketplace accesses
 
 
  •  
Build an avatar for each access to avoid traceback
 
 
  •  
Understanding the difference between active and passive monitoring