When you are responding to severe intrusions, it has been gospel for the past years to observe, learn and plan before your start cleaning up. This is very sound advice, and probably the only way you can successfully evict a determined and mission driven adversary from your networks. But when is the right time? When do you actually know enough to evict, and more importantly, resist immediate re-entry? Enter the Cyber Threat Intelligence Matrix.