Core Intel Fusion - User Guide
Progredi Systems, LLC Production CTI Source Portfolio Optimization Tool https://intelfusion.progrediai.com
Table of Contents
- Getting Started
- Dashboard
- Sources
- Overlap Analysis
- Recommendations
- AI Analyst
- Settings
- Admin
- Roles & Permissions
- Support
1. Getting Started
Logging In
Core Intel Fusion uses AWS Cognito for authentication. To sign in, navigate to https://intelfusion.progrediai.com and enter your email address and password.
First-time users: You will receive an email invitation containing a temporary password. On your first login, you will be prompted to set a permanent password. Passwords must meet the following requirements:
- Minimum 8 characters
- At least one uppercase letter
- At least one lowercase letter
- At least one number
- At least one special character
Multi-Factor Authentication (MFA): When MFA is enabled for your organization, you will be prompted to configure an authenticator app (such as Google Authenticator or Authy) after entering your credentials. MFA adds a second layer of protection to your account and is strongly recommended for all users.
Navigation
Once logged in, use the sidebar on the left side of the screen to navigate between sections:
- Dashboard -- Your at-a-glance summary of portfolio health
- Sources -- Browse, add, and manage CTI sources
- Overlap Analysis -- Understand redundancy across your source portfolio
- Recommendations -- Actionable optimization suggestions
- AI Analyst -- Conversational intelligence assistant
- Settings -- System configuration and analysis controls
- Admin -- Service health monitoring (admin role only)
The sidebar can be collapsed for a wider working area by clicking the toggle at the top.
2. Dashboard
The Dashboard is your landing page and provides a high-level view of your CTI source portfolio's health and efficiency.
KPI Cards
Four key performance indicator cards are displayed at the top of the Dashboard:
| Card | What It Shows |
|---|---|
| Total Sources | The number of CTI sources currently active in your portfolio. |
| Avg Overlap | The average pairwise overlap percentage across all source pairs, indicating overall redundancy. |
| Annual Spend | The combined annual cost of all commercial (paid) sources in your portfolio. |
| Coverage Score | A composite score (0--100%) reflecting how well your portfolio covers the threat landscape, based on MITRE ATT&CK technique coverage. |
How Are These Metrics Calculated?
An expandable banner beneath the KPI cards explains the methodology behind each metric. Click the banner to expand it and review how overlap, coverage, and spend figures are derived. This is useful when presenting metrics to leadership or auditors who want to understand the underlying calculations.
Source Overview Table
Below the KPI cards, a summary table lists your active sources with key attributes such as name, category, IOC count, freshness, cost, and coverage score. This table provides a quick snapshot without needing to navigate to the full Sources page.
Recommendation Highlights
The bottom section of the Dashboard surfaces the most impactful recommendations generated by the system. These are pulled from the full Recommendations page and prioritized by potential ROI, giving you immediate visibility into the highest-value optimization opportunities.
3. Sources
The Sources page displays your full CTI source portfolio as a card grid. Core Intel Fusion ships with 45 pre-loaded sources representing the most widely used intelligence feeds across the industry.
Source Categories
Sources are organized into three categories:
| Category | Description | Typical Cost |
|---|---|---|
| PAI (Publicly Available Information) | Open-source intelligence feeds, community threat data, and public repositories. | Free |
| CAI (Commercially Available Information) | Licensed commercial threat intelligence platforms, premium feeds, and vendor-provided data. | Paid (annual subscription) |
| Government | Government-sponsored threat sharing programs, national CERT feeds, and public sector intelligence. | Free |
Source Metrics
Each source card displays the following metrics:
- IOC Count -- The total number of Indicators of Compromise (IP addresses, domains, hashes, URLs, etc.) provided by the source.
- Freshness (Days) -- How recently the source's data was last updated. Lower numbers indicate more current intelligence.
- Annual Cost -- The yearly subscription cost for the source. PAI and Government sources display $0.
- Coverage Score -- A 0--100% score reflecting how many MITRE ATT&CK techniques this source provides intelligence on.
Managing Sources
Users with the admin or analyst role can perform the following actions:
- Add a Source -- Click the "Add Source" button to register a new CTI source. You will be prompted to enter the source name, category, cost, and other relevant details.
- Edit a Source -- Click the edit icon on any source card to update its information, such as cost changes or category corrections.
- Delete a Source -- Click the delete icon to remove a source from your portfolio. You will be asked to confirm before the source is permanently removed.
Viewer-role users can browse and review sources but cannot make changes.
Source Types Explained
Understanding the distinction between source types helps you build a balanced portfolio:
- PAI/Open-Source sources are freely available and often community-driven. They provide broad coverage but may have slower update cycles or lower curation standards. Examples include OSINT feeds, public blocklists, and community threat exchanges.
- CAI/Commercial sources are subscription-based services from threat intelligence vendors. They typically offer curated, high-fidelity intelligence with faster update cycles and dedicated analyst support. These represent the bulk of your annual spend.
- Government sources come from national cybersecurity agencies and information sharing programs. They are free to qualifying organizations and often provide unique intelligence on nation-state threats and critical infrastructure risks.
4. Overlap Analysis
The Overlap Analysis page is the analytical core of Core Intel Fusion. It helps you understand where your CTI sources are providing redundant intelligence -- and where that redundancy is costing you money.
The page is organized into four tabbed views:
Tab 1: Top Redundancies
A horizontal bar chart highlighting the costliest overlapping source pairs in your portfolio. Each bar represents a pair of sources with significant IOC overlap, ranked by the estimated financial impact of their redundancy. This view answers the question: "Where am I spending the most money on duplicate intelligence?"
Use this view to quickly identify the highest-value consolidation opportunities.
Tab 2: Source Scorecard
A per-source breakdown of redundancy, grouped by source type (PAI, CAI, Government). For each source, you can see:
- Its overall redundancy percentage
- Which other sources it overlaps with most
- The financial impact of that overlap
This view helps you evaluate individual sources and decide which ones are carrying their weight versus which ones are largely duplicating intelligence you already have.
Tab 3: Heatmap
An interactive pairwise overlap matrix showing the Jaccard similarity between every combination of sources. By default, the heatmap displays the top 15 sources (ranked by overlap significance), but you can expand it to include all sources in your portfolio.
- Darker cells indicate higher overlap between two sources
- Hover over any cell to see the exact overlap percentage
- Click any cell to open the detail panel (see below)
The heatmap provides a visual overview of redundancy patterns across your entire portfolio at a glance.
Tab 4: Category View
A 3x3 grid showing the average overlap between each combination of source categories:
| PAI | CAI | Government | |
|---|---|---|---|
| PAI | PAI-to-PAI overlap | PAI-to-CAI overlap | PAI-to-Gov overlap |
| CAI | CAI-to-PAI overlap | CAI-to-CAI overlap | CAI-to-Gov overlap |
| Government | Gov-to-PAI overlap | Gov-to-CAI overlap | Gov-to-Gov overlap |
This high-level view reveals systemic redundancy patterns. For example, if your CAI-to-CAI overlap is high, you may be paying multiple vendors for substantially similar intelligence.
Detail Panel
Clicking any source pair (from any of the four views) opens a detail panel on the right side of the screen. The panel displays:
- Overlap Percentage -- The Jaccard similarity coefficient between the two sources' IOC sets.
- Unique Percentage -- The proportion of IOCs that are unique to each source in the pair.
- Financial Impact -- The estimated annual cost attributable to the overlapping (redundant) portion of the more expensive source.
- Visual Bar -- A stacked bar graphic illustrating the shared vs. unique IOC breakdown.
This panel gives you the data you need to make informed decisions about source consolidation.
5. Recommendations
The Recommendations page presents actionable, data-driven suggestions for optimizing your CTI source portfolio. Each recommendation is generated based on the overlap analysis and source metrics.
Priority Levels
Recommendations are assigned one of four priority levels:
| Priority | Meaning |
|---|---|
| Critical | Immediate action recommended. High redundancy and significant cost impact. |
| High | Should be addressed soon. Notable overlap with meaningful financial implications. |
| Medium | Worth evaluating. Moderate overlap or cost optimization opportunity. |
| Low | Minor optimization. Consider when reviewing portfolio during regular planning cycles. |
Categories
Each recommendation falls into a category that describes the type of action suggested, such as source consolidation, coverage gap remediation, cost optimization, or source replacement.
Accept / Reject Workflow
For each recommendation, you can:
- Accept -- Mark the recommendation as accepted. This signals your intent to act on it and moves it to your accepted queue for tracking.
- Reject -- Dismiss the recommendation if it does not apply to your organization's requirements. You can optionally provide a reason for rejection.
Accepted and rejected recommendations are tracked over time, giving you and your leadership a record of portfolio optimization decisions.
ROI Estimates
Each recommendation includes an estimated return on investment, expressed as projected annual savings or efficiency gains. These estimates are derived from the overlap analysis data and source cost information, helping you prioritize recommendations by their financial impact.
6. AI Analyst
The AI Analyst is an embedded conversational assistant that helps you interpret your CTI portfolio data, explore optimization strategies, and prepare briefings -- all through natural language.
Technology
The AI Analyst is powered by Claude, Anthropic's AI assistant, accessed via AWS Bedrock. All processing occurs entirely within your AWS environment. No data is sent to external APIs or third-party services.
Audience Role Selector
Before starting a conversation, select the audience role that best matches your needs:
| Role | Tailored For |
|---|---|
| CISO | Executive-level summaries, risk posture assessments, budget justifications, and board-ready briefing language. |
| IT Ops | Technical implementation details, integration guidance, operational impact analysis, and remediation steps. |
| Program Manager | Project planning, milestone tracking, vendor evaluation support, and ROI-focused analysis. |
The AI Analyst adjusts its tone, depth, and focus based on the selected role, ensuring you get responses appropriate for your audience.
Example Prompts
Here are some examples of questions you can ask the AI Analyst:
- "Summarize my top 3 redundancy issues and recommend which sources to drop."
- "Prepare a one-page briefing on our CTI portfolio health for the CISO."
- "Which of my commercial sources have the lowest unique IOC contribution?"
- "What coverage gaps do I have in the MITRE ATT&CK framework?"
- "If I had to cut $50K from my annual CTI spend, what would you recommend?"
- "Compare my PAI sources and tell me which ones are most valuable."
- "Draft talking points for a budget review meeting about our threat intel investments."
Session Management
Your AI Analyst conversations are saved as sessions. You can:
- Start a new session at any time
- Return to previous sessions to review past analysis
- Each session maintains its conversation history for context continuity
Data Privacy
All AI Analyst interactions are processed within your AWS infrastructure via Bedrock. Your CTI source data, IOC sets, and portfolio information never leave your AWS environment. There are no external API calls, no data sharing with third parties, and no model training on your data.
7. Settings
The Settings page provides system configuration options and analysis controls.
Run Analysis
Click the Run Analysis button to trigger an overlap computation across your full source portfolio. This process:
- Compares IOC sets across all active sources
- Calculates pairwise Jaccard similarity coefficients
- Updates overlap percentages, redundancy scores, and financial impact estimates
- Refreshes recommendations based on the new analysis
Run Analysis after adding, removing, or significantly updating sources to ensure your overlap data and recommendations reflect the current state of your portfolio.
System Information Panel
The System Information panel displays details about the current deployment, including version numbers, last analysis timestamp, and environment configuration. This information is useful for support requests and troubleshooting.
8. Admin
The Admin page is available only to users with the admin role. It provides a service health dashboard for monitoring the operational status of Core Intel Fusion's backend components.
Service Health Dashboard
The dashboard displays real-time status for the following services:
| Service | Description |
|---|---|
| Backend | The core API server handling data processing and business logic. |
| Frontend | The web application serving the user interface. |
| AI Analyst | The Claude-powered conversational assistant via AWS Bedrock. |
| Database | The primary data store for source information, IOC data, and analysis results. |
| Redis | The in-memory cache layer supporting session management and performance optimization. |
| MCP Server | The Model Context Protocol server enabling the AI Analyst to access portfolio data. |
Each service shows its current status (healthy, degraded, or down), uptime, and last health check timestamp. If a service is reporting issues, the dashboard provides diagnostic information to assist with troubleshooting.
9. Roles & Permissions
Core Intel Fusion uses a role-based access control model with three roles:
| Role | Access Level | Capabilities |
|---|---|---|
| Admin | Full access | All features including user management, service health monitoring, system settings, source management, overlap analysis, recommendations, and AI Analyst. |
| Analyst | Read/Write | Source management (add, edit, delete), overlap analysis, recommendations (accept/reject), AI Analyst, and Dashboard. Cannot access the Admin page or modify system settings. |
| Viewer | Read-only | Dashboard, Sources (view only), Overlap Analysis (view only), Recommendations (view only), and AI Analyst. Cannot add, edit, or delete sources or accept/reject recommendations. |
Roles are assigned by an admin during user provisioning. If you need a role change, contact your organization's admin or reach out to support.
10. Support
For questions, issues, or feature requests, contact the Progredi Systems support team:
Email: support@progrediai.com
When submitting a support request, please include:
- Your username and organization
- A description of the issue or question
- Screenshots if applicable
- The information from the System Information panel (found on the Settings page)
Our team will respond within one business day.
Core Intel Fusion is developed and maintained by Progredi Systems, LLC. https://intelfusion.progrediai.com