Meridian
Intel Case Workspace
+ New Case
Import
☀
EN
▶ APT41 Demo (Supply Chain)
▶ NPD Demo (Data Breach)
Recent Cases
Select a case from the sidebar
✦
Esc
IOC seen in other cases
×
New Intelligence Case
×
Template
Case ID
Priority
Critical
High
Medium
Low
Case Name
Description
Tags
(comma-separated, optional)
Case Type
APT / Nation-State
Ransomware
Insider Threat
Fraud
Phishing Campaign
Vulnerability
Generic
Cancel
Create Case
Add PIR
×
Intelligence Requirement
GIR Category (Intel471 CU-GIR)
— Custom / Not linked
Malware
Vulnerabilities & Exploits
Infrastructure
Fraud, Identity & Access
Adversary TTPs & Activities
Threats by Industry / Region
Stakeholder Type
Management
Analyst
Technical
Priority
P1 — Critical
P2 — Normal
P3 — Low
MoSCoW
— Not set
Must Have
Should Have
Could Have
Won't Have
Time Type
Event-Driven
Evergreen
Owner (Analyst Responsible)
Target Audience
Success Criteria — when is this PIR considered answered?
▶
Essential Elements of Information (EEI) — 5W+H
WHO — Threat actor, organization
WHAT — Activity, capability, artifact
WHEN — Timing, frequency, window
WHERE — Geography, target sector
WHY — Motivation, intent
HOW — Technique, delivery method
Stakeholder Scoring — RACI weight 1–6
—
1 — Informed
2
3 — Consulted
4 — Accountable
5
6 — Responsible
—
1 — Informed
2
3 — Consulted
4 — Accountable
5
6 — Responsible
—
1 — Informed
2
3 — Consulted
4 — Accountable
5
6 — Responsible
—
1 — Informed
2
3 — Consulted
4 — Accountable
5
6 — Responsible
Total Stakeholder Score:
0
Due Date
(optional)
Follow-up Note
Intelligence Answer
Confidence Level
—
High
Medium
Low
Key Judgment / Finding
Cancel
Save PIR
Add Raw Intel
×
Title / Label
Type
Article / Report
Forum Post
Screenshot
News Feed
Manual Check
Other
Source URL (optional)
Raw Content / Notes
Screenshot / Image
Click to upload · Drag & drop ·
Ctrl+V
to paste screenshot
×
Size:
Linked PIRs
No PIRs in this case.
Cancel
Save
Add Collection Task
×
PIR
Source Type
OSINT
SIGINT
HUMINT
Internal
Vendor Feed
Other
Status
To Do
In Progress
Done
Blocked
Assigned To
Deadline
Method / Notes
Cancel
Save
Add IOC
×
IOC Value
Type
IP
Domain
URL
MD5
SHA-1
SHA-256
SHA-512
Email
CVE
Other
Confidence
Low
Medium
High
Status
Raw
Enriched
Confirmed
False Positive
Source
Tags (comma-sep)
Notes
Cancel
Save
Add Evidence
×
Evidence Type
Raw Data
URL / Link
Text / Report
IOC Reference
Log Entry
Tag
Supports Hypothesis
Contradicts
Neutral
Content
Source
Confidence
Low
Medium
High
Admiralty Source (A-F)
—
A — Completely reliable
B — Usually reliable
C — Fairly reliable
D — Not usually reliable
E — Unreliable
F — Reliability unknown
Admiralty Info (1-6)
—
1 — Confirmed
2 — Probably true
3 — Possibly true
4 — Doubtful
5 — Improbable
6 — Truth unknown
Link to PIRs
(optional)
No PIRs in this case yet
Cancel
Save
Add Event
×
Date / Timestamp
Kill Chain Phase
Reconnaissance
Weaponization
Delivery
Exploitation
Installation
C2
Action on Objectives
Unknown
Event Title
Details
Source
Confidence
Low
Medium
High
Cancel
Save
Add Hypothesis
×
Hypothesis Statement
Cancel
Save
Add Technique
×
Tactic
— Select Tactic —
Reconnaissance
Resource Development
Initial Access
Execution
Persistence
Privilege Escalation
Defense Evasion
Credential Access
Discovery
Lateral Movement
Collection
Command and Control
Exfiltration
Impact
Confidence
Low
Medium
High
Technique ID
Sub-technique (optional)
Technique Name
Notes
Cancel
Save
Bulk IOC Import
×
Paste IOCs — one per line (IP, domain, hash, URL, email, CVE)
Source
Default Confidence
Low
Medium
High
Import All
Cancel
Diamond Model
×
▲ Adversary
Name / Actor
Type
—
Nation-State
Criminal Group
Hacktivist
Insider
Unknown
Motivation
Notes
◁ Infrastructure
Type
—
Type 1 — Owned
Type 2 — Leased / Compromised
Items (IPs, domains, C2)
Notes
▷ Capability
Sophistication
—
Minimal
Developed
Advanced
Innovative
Tools / Malware
Notes
▽ Victim
Name / Organization
Sector
Assets Targeted
Notes
Cancel
Save Diamond
Threat Assessment
×
Attribution
Threat Actor
Type
—
Nation-State
Criminal Group
Hacktivist
Insider
Unknown
Motivation
—
Espionage
Financial Gain
Disruption
Ideology
Reputation
Attribution Confidence
Low
Medium
High
Notes
Targeting
Sector
Geography
Assets Targeted
Notes
Capabilities
Sophistication
—
Low — Script kiddie
Developed — Custom tools
Advanced — Zero-days
Innovative — Nation-state
Malware / Tools
TTPs Summary
Notes
Impact
Severity
—
Info
Low
Medium
High
Critical
Likelihood
—
Unlikely
Possible
Likely
Confirmed
Business Impact
Overall Assessment
TLP Classification
TLP:WHITE
TLP:GREEN
TLP:AMBER
TLP:RED
Overall Confidence
Low
Medium
High
Executive Summary
Recommendations
Cancel
Save Assessment
AI Assistant
×
Context
✦
Generate
Copy Result
Settings
×
Analyst Name
Groq API Key
Cancel
Save
Add Threat Actor
×
Actor Name
Type
Nation-State
Criminal Group
Hacktivist
Insider
Unknown
Origin / Country
Motivation
Aliases
(comma-separated)
Primary Targets
Known TTPs
(T-numbers)
Known Tools / Malware
Description / Notes
References
Cancel
Save Actor
Link Actor to Case
×
Cancel
Unlink Actor
Add Collection Task
×
Assigned To
Source Type
OSINT
TECHINT
HUMINT
Internal (SIEM/Logs)
Vendor / Feed
Other
Collection Target
(IP, domain, timeframe, system…)
Deadline
Status
Tasked
In Progress
Completed
Cancelled
Result / Finding
(fill when done)
Cancel
Save Task
Confirm
×
Cancel
Delete