typedb · james-whiteside · Jun 29, 2023 · Jun 13, 2023 · Jun 14, 2023 · Jun 14, 2023
diff --git a/.gitignore b/.gitignore
@@ -0,0 +1 @@
+**/.DS_Store
diff --git a/README.md b/README.md
@@ -29,9 +29,9 @@ For users with some experience. Learn more complex features while assuming knowl
 Learn how to use TypeDB as the database for an identity and access management (IAM) system. Uses a flexible data model
 to automate permission inheritance and policy enforcement at the schema level using rule-inference.
 
-### Cyber threat intelligence
+### [Cyber threat intelligence](https://github.com/vaticle/typedb-examples/tree/master/cyber-threat-intelligence)
 
-COMING SOON!
+Learn how to use TypeDB in a cyber threat intelligence (CTI) context in order to identify threats using powerful queries and rule-inference.
 
 ## Advanced
 

diff --git a/cyber-threat-intelligence/README.md b/cyber-threat-intelligence/README.md
@@ -0,0 +1,41 @@
+# Cyber threat intelligence 
+
+## Introduction
+
+In this demo, you'll learn how to use TypeDB as the database in a cyber threat intelligence context. We'll cover
+some basic operations like listing identities and their subtypes with the help of type-inference.
+We will then move on to some more advanced examples that take advantage of rules. 
+We'll see how we can automate threat discovery at the schema level with the creation of a new rule.
+
+## Required knowledge
+
+This demo assumes knowledge of:
+
+- TypeDB's transaction system.
+- All basic TypeQL syntax elements.
+- TypeDB Studio's interface.
+
+For more information, please see our [documentation](https://docs.vaticle.com/docs/general/introduction). 
+
+General knowledge of STIX2.1 would be a plus.
+
+
+## Getting started
+
+Start your TypeDB server and open TypeDB Studio. Make sure you are on a `schema-write` transaction and run the following
+TypeQL file:
+
+```define-schema.tql```
+
+Then switch to a `data-write` transaction and run the following:
+
+```insert-data.tql```
+
+Remember to click on the green tick after running each of these scripts to commit the changes to the database.
+
+## Running the examples
+
+To get started, try running the examples. They are intended to be run once each and in order, so be aware that running
+them more than once or out of order might generate data errors. If anything goes wrong, you can run the
+`insert-data.tql` script again to reset everything. All the examples use `data` sessions, but you'll have to switch
+between `read` and `write` transactions depending on the queries in the example, and remember to commit after writes.