For many organizations there is a good source of cyber intelligence right under their nose, and few have tapped into it. It’s your help desk / support desk / client services, or whatever you call it. This is where users call when they are having computer issues. As it happens, cyber attacks sometimes manifest themselves in just such a fashion.
Many client-side attacks that are part of cyber threat actor arsenals can cause visible issues on the client system: IE crashes when a certain site is visited, the PDF opens but is blank, the Word document also opens a command window, etc. Fortunately for us cyber sleuths, many times the user will call the help desk and report the issue. Hopefully your help desk has a ticketing system (like Remedy or Peregrine) that you can search in.
Once a week I go into our help desk ticketing system and search for the following:
IE / Internet Explorer
Word, PowerPoint, Excel
Other terms depending on current activities
Honestly, I do not find things every week, but I feel it is well worth the 30 minutes a week I spend.
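One way to script the weekly search above, as an added example that is not from the original post: it assumes the ticketing system can export tickets to CSV with hypothetical columns `id`, `opened` and `summary`, and it runs on constructed sample tickets. The symptom words are an assumption drawn from the post's examples and are used only to rank the matches.

```python
import csv
import io
import re
from datetime import date, timedelta

# Search terms from the post's weekly list, matched on word boundaries so
# "IE" does not hit "client" and "Word" does not hit "password".
APP_RX = {
    "IE / Internet Explorer": re.compile(r"\b(?:IE|Internet Explorer)\b", re.I),
    "Word, PowerPoint, Excel": re.compile(r"\b(?:Word|PowerPoint|Excel)\b", re.I),
}
# Assumption: symptom words taken from the post's examples, used only to rank.
SYMPTOM_RX = re.compile(r"\b(?:crash\w*|blank|command window)\b", re.I)

# Constructed sample export; column names are hypothetical.
SAMPLE_CSV = """id,opened,summary
1001,2024-03-04,Internet Explorer crashes when user visits vendor site
1002,2024-03-05,Client VPN password reset request
1003,2024-03-06,Word document opens and a command window flashes
1004,2024-02-10,Excel crashes on large workbook
1005,2024-03-07,PowerPoint license renewal question
"""


def weekly_hits(csv_text, today, days=7):
    """Return (id, matched terms, symptoms) for recent tickets, symptoms first."""
    cutoff = today - timedelta(days=days)
    hits = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        if date.fromisoformat(row["opened"]) < cutoff:
            continue  # outside this week's review window
        apps = [name for name, rx in APP_RX.items() if rx.search(row["summary"])]
        if not apps:
            continue  # none of the search terms appear in this ticket
        symptoms = [s.lower() for s in SYMPTOM_RX.findall(row["summary"])]
        hits.append((row["id"], apps, symptoms))
    hits.sort(key=lambda h: not h[2])  # tickets describing a symptom go first
    return hits


if __name__ == "__main__":
    for ticket in weekly_hits(SAMPLE_CSV, date(2024, 3, 8)):
        print(ticket)
```

Tickets without a symptom word are still returned, just ranked last, so the script narrows the reading list without replacing the manual review.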