NOTE: Expressing the confidence or the lack of it in an analysis is a critical step to help a partner or a third-party to check your hypotheses and conclusions.
To ascertain this confidence level you can use for example the MISP <<MISPTaxonomies>> called https://www.misp-project.org/taxonomies.html#_admiralty_scale[admiralty-scale] and/or https://www.misp-project.org/taxonomies.html#_estimative_language[estimative-language].
This is a very human way to describe either globally an event or individual indicators of an event, with a set of easy to read human tags. (e.g: `admiralty-scale:source-reliability="a/b/c..."`, `estimative-language:likelihood-probability="almost-no-chance"`, `estimative-language:confidence-in-analytic-judgment="moderate"`).
Generally it is good practice to do this globally for the event as this will enrich the trust/value if set. If it's a specific attribute, then the confidence can be described at more granular levels.
- Allow receiving organisations to filter, classify and score the information in an automated way based on related tags
- Information with low-confidence can still be shared and reach communities or organisations interested in such information without impacting organisations filtering out by increased confidence level
- Support counter analyses and competitive analyses to validate hypotheses expressed in original reporting
- Expressing confidence allows the use of in the https://www.misp-project.org/2019/09/12/Decaying-Of-Indicators.html/[decaying indicators feature] in MISP to lower or increase the lifetime of an information
TIP: <<MISPTaxonomies>> contain an exhaustive list of confidence levels including words of https://www.misp-project.org/taxonomies.html#_estimative_language[estimative probability] or confidence in analytic judgment.
TIP: threat-intelligence.eu includes an overview of the https://www.threat-intelligence.eu/methodologies/[methodologies and process to support threat intelligence].