We focus on the first phase (Research) of the RIDE active defence framework, emphasizing the importance of efficient research in threat intelligence, specifically extracting meaning from unstructured data like reports and summaries to improve security controls. The article introduces a research data pipeline with steps for collecting, classifying, and analyzing threat information, using Microsoft's report on Volt Typhoon as an example.