One of the biggest challenges that cyber threat intelligence (CTI) teams face each day is how to unpack and act on the massive amount of information available to them. Being left of the kill chain means identifying what information your security team is collecting and processing before an attack occurs. Prioritizing what information is collected and processed is critical to avoid being overwhelmed by the vast amount of data available to analysts today. Target has developed automation to address the collection and processing of raw information, the stages that typically consume most of the work in the intelligence cycle. This presentation will provide insight into the diverse technology stack Target uses to automate intelligence collection for its CTI team. It will include specific examples of how Target’s CTI team uses this tech stack to produce analysis and detection for high-priority threat actors, such as FIN7.