Defense-Threat-Intel

Verified

by Dryade


Description

Multi-source threat intelligence analysis with entity correlation, pattern detection, and intelligence product generation

Details

defense-threat-intel

Tier: Enterprise | Type: Agent | Category: Intelligence | Version: 1.0.0

Sovereign AI-powered threat intelligence analyzer for multi-source OSINT correlation, entity extraction, credibility assessment, and structured intelligence product generation. Designed for on-premise and air-gapped deployment.


1. Overview

  • Plugin Name: defense-threat-intel
  • Slug: defense-threat-intel
  • Required Tier: Enterprise
  • Plugin Type: Agent
  • Category: Intelligence
  • Author: Dryade
  • License: DSUL

What It Does

Ingests multi-source intelligence reports (OSINT, official communications, satellite analysis), extracts named entities, correlates information across sources, assesses credibility using the NATO admiralty system, and generates structured intelligence products (threat assessments, timelines).

Key Capabilities

  • Multi-source OSINT report analysis with indicator detection
  • Named entity extraction (persons, organizations, locations, events)
  • Cross-source correlation identifying corroborated vs. unique intelligence
  • NATO admiralty system credibility assessment (A-F / 1-6)
  • Chronological timeline construction from multiple sources
  • Structured threat assessment generation with French defense terminology

2. User Stories

Primary User Stories

US-1: Multi-Source Intelligence Correlation

As an intelligence analyst, I want to correlate information across multiple OSINT reports so that I can identify corroborated intelligence and emerging patterns.

Acceptance Criteria:

  • [x] Entities mentioned across 2+ sources are flagged as corroborated
  • [x] Unique mentions are flagged for further verification
  • [x] Correlation confidence levels are assigned
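
A sketch of the US-1 correlation rule combined with the admiralty grades listed under Key Capabilities, added here as an example and not the plugin's own code. The report structure, the use of distinct source types as an independence check, and the confidence thresholds are assumptions; the reports are constructed.

```python
from collections import defaultdict

# Constructed sample reports (not the plugin's demo data). "reliability" is the
# admiralty source letter: A = completely reliable ... F = cannot be judged.
REPORTS = [
    {"id": "RPT-001", "source_type": "media", "reliability": "C",
     "entities": ["Org Alpha", "Port Nord"]},
    {"id": "RPT-002", "source_type": "official", "reliability": "B",
     "entities": ["org alpha", "Col. Example"]},
    {"id": "RPT-003", "source_type": "media", "reliability": "D",
     "entities": ["Port Nord"]},
    {"id": "RPT-004", "source_type": "social_media", "reliability": "F",
     "entities": ["Col. Example", "Org  Alpha"]},
]


def normalize(name):
    """Collapse whitespace and case so spelling variants match."""
    return " ".join(name.split()).casefold()


def correlate(reports):
    """Flag each entity as corroborated or unique and attach an admiralty rating."""
    mentions = defaultdict(list)
    for rpt in reports:
        if len(rpt["reliability"]) != 1 or rpt["reliability"] not in "ABCDEF":
            raise ValueError(f"{rpt['id']}: invalid reliability grade")
        for key in {normalize(n) for n in rpt["entities"]}:
            mentions[key].append(rpt)
    results = {}
    for key, rpts in mentions.items():
        # F is "unknown", not "worst": ungraded sources cannot corroborate.
        graded = [r for r in rpts if r["reliability"] != "F"]
        # Assumption: two reports of the same source type may share one origin
        # (circular reporting), so only distinct source types count.
        independent = {r["source_type"] for r in graded}
        corroborated = len(independent) >= 2
        best = min((r["reliability"] for r in graded), default="F")
        # Credibility digit: 1 = confirmed by other sources, 6 = cannot be judged.
        rating = best + ("1" if corroborated else "6")
        confidence = ("high" if best in "AB" else "medium") if corroborated else "low"
        results[key] = {
            "status": "corroborated" if corroborated else "unique",
            "confidence": confidence, "rating": rating,
            "reports": sorted(r["id"] for r in rpts),
        }
    return results
```

Two media reports naming the same location stay "unique" here, which is the case a naive count of 2+ mentions would mislabel as corroborated.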

US-2: Threat Assessment Generation

As a threat assessment officer, I want to generate structured threat assessments from available intelligence so that I can brief decision-makers efficiently.

Acceptance Criteria:

  • [x] Formal threat assessment document generated with all required sections
  • [x] Threat level classification (faible/modere/eleve/critique)
  • [x] Source attribution and recommendations included

3. Architecture

Component Diagram

+------------------+     +------------------+     +------------------+
|   Orchestrator   | --> | Threat Intel     | --> |  Data Provider   |
|  (agent tools)   |     | plugin.py        |     |  (mock / real)   |
+------------------+     +------------------+     +------------------+
                                |
                          +-----v------+
                          |  Demo Data |
                          | data/*.json|
                          +------------+

Dependencies

  • Internal: core.plugins.EnterprisePluginProtocol, core.plugin_config_store.PluginConfigStore
  • External: None (standard library only)
  • Plugin: None

4. Agent Capabilities

Agent Tools

| Tool Name | Input | Output | Description |
|-----------|-------|--------|-------------|
| analyze_osint_report | report_text: str | JSON analysis | Analyze OSINT report for key indicators |
| extract_entities | text: str | JSON entities by category | Extract named entities from text |
| correlate_sources | report_ids: str | JSON correlation results | Cross-correlate multiple reports |
| assess_credibility | source_type: str, report_text: str | JSON credibility rating | NATO admiralty credibility assessment |
| build_timeline | report_ids: str | JSON timeline | Build chronological event timeline |
| generate_threat_assessment | topic: str, region: str | JSON threat assessment | Generate structured threat assessment |


5. Data Flow

Demo Data Description

  • entity_database.json: 15 entities (5 persons, 5 organizations, 5 locations) in fictional Ostlavie-Valdorie scenario
  • osint_reports.json: 8 synthetic OSINT reports across media, official, satellite, and social media sources
  • credibility_rubric.json: NATO admiralty credibility system reference
  • threat_assessment_template.json: Formal threat assessment template with 9 sections
  • geopolitical_context.json: Fictional geopolitical scenario background

Total: 5 demo files covering a complete fictional intelligence scenario.


6. Security Considerations

Data Handling

  • PII: No - all demo data uses entirely fictional entities
  • Encryption: N/A - on-premise only, designed for air-gapped networks
  • Data Retention: Plugin does not persist data beyond the session

Isolation

  • Fully on-premise, zero external network dependencies in mock mode
  • Designed for deployment in classified network environments (SCIF-compatible)
  • No data exfiltration risk - all processing is local

7. Test Plan

Test Classes

| Class | Tests | Coverage Target |
|-------|-------|----------------|
| TestPluginAttributes | 8 tests | Manifest consistency |
| TestPluginConfig | 2 tests | Mock/real toggle |
| TestDemoData | 6 tests | Data presence and structure |
| TestThreatIntel | 8 tests | Core intelligence analysis |

Running Tests

cd dryade-plugins
python -m pytest enterprise/defense-threat-intel/tests/ -x -v --tb=short

8. Deployment Notes

Requirements

No external packages required.

Configuration

{
    "data_source": "mock"
}

Compatibility

  • Min Dryade Version: 1.0.0
  • Python: >=3.11
  • Notes: On-premise and air-gapped deployment only. No cloud dependencies.

9. User Guide

Getting Started

  1. Ensure your Dryade instance has an Enterprise tier license
  2. Install the plugin via the marketplace or dryade-pm push
  3. Ask the AI assistant to "analyze this intelligence report"
  4. Provide OSINT text or request correlation across reports

Common Workflows

Workflow 1: OSINT Analysis

  1. Provide an OSINT report text
  2. Ask: "Analyze this report and extract entities"
  3. Review findings, indicators, and entity relationships

Workflow 2: Multi-Source Correlation

  1. Analyze multiple reports individually
  2. Ask: "Correlate reports RPT-001, RPT-002, RPT-003"
  3. Review corroborated entities and build a timeline

10. Screenshots

Screenshots will be added after UI integration.


11. Changelog

1.0.0 (2026-03-05)

  • Initial release
  • OSINT analysis with threat indicator detection
  • Entity extraction (persons, organizations, locations)
  • Multi-source correlation engine
  • NATO admiralty credibility assessment
  • Timeline construction
  • Threat assessment generation
  • Fictional Ostlavie-Valdorie scenario demo data

Future Roadmap

  • [ ] NLP-powered entity extraction (spaCy/transformers)
  • [ ] GDELT feed integration for real mode
  • [ ] Link analysis visualization
  • [ ] Geospatial event mapping

Plugin Info

Version 1.0.0
Author Dryade
Tier enterprise
Category general
Type backend
Downloads 0
Updated Mar 15, 2026

Tags

enterprise, defense-threat-intel