Core Intel Fusion - Frequently Asked Questions
Progredi Systems, LLC https://intelfusion.progrediai.com
Table of Contents
General
1. What is Core Intel Fusion?
Core Intel Fusion is a Cyber Threat Intelligence (CTI) source portfolio optimization tool. It helps organizations evaluate, rationalize, and optimize their collection of threat intelligence sources by identifying overlap, quantifying redundancy costs, surfacing coverage gaps, and providing actionable recommendations to improve portfolio efficiency.
2. Who is Core Intel Fusion designed for?
Core Intel Fusion is built for CISOs, cyber threat analysts, IT operations leads, and program managers responsible for managing threat intelligence programs. Whether you are justifying your CTI budget to leadership or deciding which feeds to renew, Core Intel Fusion provides the data and analysis to support those decisions.
3. What problem does Core Intel Fusion solve?
Most organizations subscribe to multiple CTI sources without a clear understanding of how much those sources overlap. This leads to paying for redundant intelligence, missing coverage gaps, and difficulty justifying spend. Core Intel Fusion solves this by analyzing the actual IOC data across all your sources, computing pairwise overlap, estimating financial waste from redundancy, and generating prioritized recommendations for optimization.
4. Is Core Intel Fusion a threat intelligence platform (TIP)?
No. Core Intel Fusion is not a TIP and does not replace platforms like MISP, ThreatConnect, or Anomali. Instead, it sits alongside your existing tools and focuses specifically on source portfolio optimization -- helping you decide which sources to keep, consolidate, or replace. Think of it as a portfolio management layer for your CTI program.
Data & Metrics
5. What is the Coverage Score?
The Coverage Score is a metric ranging from 0% to 100% that reflects how well a given source (or your entire portfolio) covers the threat landscape. It is calculated based on MITRE ATT&CK technique coverage -- specifically, the percentage of ATT&CK techniques for which the source provides relevant indicators of compromise or intelligence. A higher score means broader coverage across the known threat landscape.
6. How is overlap computed?
Overlap between two sources is calculated using the Jaccard similarity coefficient applied to their IOC (Indicator of Compromise) sets. The formula is:
Overlap = |A intersection B| / |A union B|
Where A and B are the IOC sets of two sources. A Jaccard similarity of 0% means the two sources share no IOCs, while 100% means their IOC sets are identical. This provides a mathematically rigorous, objective measure of redundancy between any two sources.
7. What are PAI, CAI, and Government sources?
These are the three source categories used in Core Intel Fusion:
- PAI (Publicly Available Information): Open-source intelligence feeds that are freely accessible. Examples include community threat exchanges, public blocklists, and OSINT repositories.
- CAI (Commercially Available Information): Licensed, subscription-based threat intelligence from vendors. These are paid sources that typically offer curated, high-fidelity intelligence.
- Government: Intelligence feeds provided by government agencies, national CERTs, and public sector information sharing programs. These are typically free to qualifying organizations.
8. How often is the data refreshed?
Source data freshness varies by source and is displayed on each source card as "Freshness (Days)." The overlap analysis and recommendations are updated when you click the Run Analysis button on the Settings page. We recommend running analysis after adding, removing, or updating sources, or on a regular schedule that aligns with your organization's review cycle.
Sources
9. Can I add custom sources?
Yes. Users with the admin or analyst role can add custom CTI sources to the portfolio. Click the "Add Source" button on the Sources page and provide the source name, category, cost, and relevant metadata. This allows you to model your exact portfolio, including niche or internal intelligence feeds.
10. What are the 45 pre-loaded sources?
Core Intel Fusion ships with 45 pre-configured sources representing the most widely used CTI feeds across the industry. These span all three categories (PAI, CAI, and Government) and include well-known feeds such as public OSINT repositories, major commercial threat intelligence platforms, and government-sponsored sharing programs. The pre-loaded set provides a comprehensive starting point that most organizations can use immediately.
11. Can I remove a source?
Yes. Users with the admin or analyst role can delete any source from the portfolio by clicking the delete icon on the source card. You will be asked to confirm before the source is permanently removed. After removing a source, run the analysis again from the Settings page to update your overlap data and recommendations.
12. What happens to the analysis when I add or remove a source?
Adding or removing a source does not automatically recompute the overlap analysis. You need to click the Run Analysis button on the Settings page to trigger a fresh computation. This ensures you have full control over when analysis runs and avoids unnecessary processing during bulk portfolio changes.
AI Analyst
13. What AI model powers the AI Analyst?
The AI Analyst is powered by Claude, Anthropic's AI assistant, accessed through AWS Bedrock. Bedrock provides a fully managed, serverless interface to Claude within your AWS environment, ensuring enterprise-grade reliability and security.
14. Is my data sent to external services when using the AI Analyst?
No. All AI Analyst processing occurs entirely within your AWS infrastructure via AWS Bedrock. Your CTI source data, IOC sets, portfolio information, and conversation history never leave your AWS environment. There are no external API calls, no data transmitted to third parties, and Anthropic does not train models on your data when accessed through Bedrock.
15. What kinds of questions can I ask the AI Analyst?
You can ask the AI Analyst about any aspect of your CTI portfolio, including:
- Summarizing redundancy issues and recommending source consolidation
- Identifying coverage gaps in your MITRE ATT&CK coverage
- Comparing sources by value, cost, or unique contribution
- Preparing executive briefings and budget justifications
- Analyzing the financial impact of dropping or adding specific sources
- Exploring optimization scenarios (e.g., "What if I cut $50K in spend?")
The AI Analyst has full context on your portfolio data and can provide tailored analysis based on your selected audience role (CISO, IT Ops, or Program Manager).
16. What are the audience roles in the AI Analyst?
Before starting a conversation, you can select one of three audience roles:
- CISO: Responses are tailored for executive-level communication -- risk posture summaries, budget justifications, and board-ready language.
- IT Ops: Responses focus on technical details -- implementation guidance, integration considerations, and operational impact.
- Program Manager: Responses emphasize project planning, milestone tracking, vendor evaluation, and ROI analysis.
The selected role adjusts the tone, depth, and focus of the AI Analyst's responses.
Security
17. What encryption does Core Intel Fusion use?
Core Intel Fusion employs encryption at every layer:
- At rest: All data is encrypted using AWS KMS with Customer Managed Keys (CMK), giving your organization full control over key lifecycle and access policies.
- In transit: All communications are encrypted using TLS 1.2 or higher, ensuring data is protected between your browser and the application, as well as between internal services.
18. Is Core Intel Fusion FedRAMP ready? Is it GovCloud compatible?
Core Intel Fusion is architected on AWS services that support FedRAMP and is designed with GovCloud compatibility in mind. The application uses Cognito for authentication, KMS CMK for encryption, and Bedrock for AI processing -- all of which are available in AWS GovCloud regions. For specific compliance questions related to your organization's authorization requirements, contact support@progrediai.com.
19. What authentication does Core Intel Fusion use?
Core Intel Fusion uses AWS Cognito for authentication. Users sign in with an email address and password. Multi-Factor Authentication (MFA) is supported and can be enabled for your organization, adding a second authentication factor via authenticator apps such as Google Authenticator or Authy. Role-based access control (admin, analyst, viewer) governs what each user can see and do within the application.
Technical
20. Does Core Intel Fusion offer API access?
API access capabilities are on the product roadmap. If programmatic access to overlap data, source information, or recommendations is a priority for your organization, please contact support@progrediai.com to discuss your requirements and timeline.
21. Can Core Intel Fusion integrate with my existing SIEM or SOAR platform?
Direct integrations with SIEM and SOAR platforms are planned for future releases. Core Intel Fusion is designed as a portfolio optimization layer that complements your existing security tooling. Integration capabilities will enable you to push recommendations and portfolio insights directly into platforms like Splunk, Sentinel, Cortex XSOAR, and others. Contact support@progrediai.com to express interest and help prioritize specific integrations.
22. Can I export data from Core Intel Fusion?
Export capabilities are being developed to support common formats for reporting and downstream integration. If you have an immediate export need, contact support@progrediai.com and our team can assist.
Support
23. How do I get help with Core Intel Fusion?
Contact the Progredi Systems support team at support@progrediai.com. When submitting a request, include your username, a description of the issue, and any relevant screenshots. The System Information panel on the Settings page contains version and environment details that are helpful for troubleshooting -- include those if possible.
24. How do I report a bug?
Send an email to support@progrediai.com with the subject line "Bug Report" and include:
- A description of the issue
- Steps to reproduce the behavior
- What you expected to happen vs. what actually happened
- Screenshots or screen recordings if applicable
- System Information from the Settings page
Our team will acknowledge your report and provide a timeline for resolution.
25. How do I request a new feature?
Send your feature request to support@progrediai.com with the subject line "Feature Request." Describe the capability you are looking for and how it would benefit your workflow. Feature requests are reviewed during our planning cycles, and we prioritize based on customer impact and alignment with the product roadmap.
Core Intel Fusion is developed and maintained by Progredi Systems, LLC. https://intelfusion.progrediai.com