This paper will detail the value proposition of identifying attacker TTPs and understanding information source types so that organizations can improve collection strategies, analyze the resulting information, and turn it into a workflow for relevant and timely intelligence reporting.