← Back to Insights

FIMI Module: How is FIMI reported?

By Julian 25 November 2024

Logo

FIMI Module: How is FIMI reported?

By Julian | Last Updated: 17 January 2025

There are a number of groups producing reporting for FIMI often with different metrics of reporting. The more reporting is done in the same way, the more the data is similarly structured and more easily compared. Efforts to make reporting streamlined are advisable.

Standardized reporting

The European External Action service uses a standardized means of reporting on FIMI incidents which incorporates cataloguing data about the incident:

Severity: Reach of a FIMI/disinformation event

Duration: Short/Medium/Long

Impact: Domains affected

Threat actors: Technical or political attribution to a state,non-state actor or proxy

Motivation Reason underlying an information event

Behavior: the Tactics, Techniques and Behaviors as seen in the DISARM framework

Database: Open CTI is main platform used for staring data by the European External Action Service

The EEAS is not the only group that is reporting on FIMI. There are a number of groups that use similar reporting systems with slight differences. Whether that is the breakout scale instead of measuring severity, or other threat intelligence platforms other than Open CTI. Different organizations have different capacities for reporting and may not be able to dedicate the same resources to the task. Other groups focus more on dealing with the more narrative or content portions of FIMI rather than the behaviors. Another large point of difference is where organizations store their data.

Storing the data

Reports are often structure in a way that is meant to be compatible with a database. Some reporting takes places in excel files or documents and these are either manually entered into databases or they are uploaded via structured templates that are automatically read by python scripts.

Overall the majority of the field uses Open CTI as a database however some organizations use other means of storing data from reporting.

The benefit of a database is that you can more easily examine the details of FIMI cases, have a record of assets used by FIMI actors to make them easier to find. Additionally you can have an overview of what techniques are most commonly used so that you can prioritize what to counter.

Subscribe now &

Get the latest updates

Subscribe

All Insights