During an investigation, the CSIRT or analysts may come across a situation where an incident investigation seems to have stalled. This could be due to the fact that the analysts know something is wrong or have indicators of a compromise but no concrete evidence to point in a specific direction. Threat intelligence can be leveraged by analysts to enhance their ability to discover previously undiscovered evidence.