Anthropic-Cybersecurity-Skills/skills/implementing-diamond-model-analysis/references/workflows.md

Diamond Model Analysis Workflows

Workflow 1: Collection and Analysis

[Intelligence Sources] --> [Data Collection] --> [Analysis] --> [Reporting]
        |                        |                   |               |
        v                        v                   v               v
  OSINT/HUMINT/SIGINT    Normalize/Enrich    Assess/Correlate  Disseminate

Steps:

  1. Planning: Define intelligence requirements and collection priorities
  2. Collection: Gather data from relevant sources
  3. Processing: Normalize data formats and filter noise
  4. Analysis: Apply analytical frameworks and correlate findings
  5. Production: Generate intelligence products and reports
  6. Dissemination: Share with stakeholders via appropriate channels
  7. Feedback: Collect consumer feedback to refine future collection

Workflow 2: Continuous Monitoring

[Watchlist] --> [Automated Monitoring] --> [Change Detection] --> [Alert/Update]

Steps:

  1. Define Watchlist: Identify indicators, actors, and topics to monitor
  2. Configure Monitoring: Set up automated collection from relevant sources
  3. Change Detection: Identify new or changed intelligence
  4. Assessment: Evaluate significance of changes
  5. Alerting: Notify stakeholders of significant intelligence updates
  6. Archive: Store intelligence for historical analysis and trending
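Steps 3 through 6 of Workflow 2, as an added example that is not part of the original skill files. It assumes each collected record is a Diamond Model event keyed by an event ID with the four vertices as fields; the function names, record layout, and sample values are hypothetical and constructed for illustration.

```python
VERTICES = ("adversary", "capability", "infrastructure", "victim")  # Diamond Model vertices

def detect_changes(archive, snapshot):
    """Step 3: return (event_id, kind, changed_vertices) for new or changed events."""
    changes = []
    for event_id, record in snapshot.items():
        old = archive.get(event_id)
        if old is None:
            changes.append((event_id, "new", list(VERTICES)))
            continue
        diff = [v for v in VERTICES if old.get(v) != record.get(v)]
        if diff:
            changes.append((event_id, "changed", diff))
    return changes

def assess(changed_vertices, record, watchlist):
    """Step 4: a change is significant when a changed vertex now holds a watchlisted value."""
    return sorted(v for v in changed_vertices
                  if record.get(v) in watchlist.get(v, set()))

def monitor(archive, snapshot, watchlist):
    """Steps 3-6: detect, assess, build alerts, then archive the snapshot."""
    alerts = []
    for event_id, kind, changed in detect_changes(archive, snapshot):
        hits = assess(changed, snapshot[event_id], watchlist)
        if hits:
            alerts.append({"event": event_id, "kind": kind, "watchlist_hits": hits})
    # Step 6 (simplified): this sketch keeps only the latest state per event,
    # which becomes the baseline for the next monitoring run.
    archive.update(snapshot)
    return alerts

# Constructed sample data; addresses are from documentation ranges, not real indicators.
WATCHLIST = {"infrastructure": {"198.51.100.7"}, "adversary": {"ACTOR-A"}}
ARCHIVE = {"evt-1": {"adversary": "unknown", "capability": "loader-x",
                     "infrastructure": "203.0.113.5", "victim": "finance"}}
SNAPSHOT = {"evt-1": {"adversary": "unknown", "capability": "loader-x",
                      "infrastructure": "198.51.100.7", "victim": "finance"},
            "evt-2": {"adversary": "ACTOR-B", "capability": "phish-kit",
                      "infrastructure": "192.0.2.9", "victim": "hr"}}

if __name__ == "__main__":
    for alert in monitor(dict(ARCHIVE), SNAPSHOT, WATCHLIST):
        print(alert)
```

Only evt-1 raises an alert: its infrastructure vertex moved onto a watchlisted address, while evt-2 is new but touches nothing on the watchlist.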