If you put it at the end, you could then compare your suggested threat intel framework against currently available environments and tools. If you put it up front, it should help build the narrative as to why your work is needed.
[ ] I feel like your suggested threat intel framework should also include some basics of setting up what you had in your prototype. I think currently you have it in the test case area - which is fine, but I guess it begs the question if your configuration is a test case or a recommendation/suggestion for configuration.
Really this is the point of the paper.
If you put it at the end, you could then compare your suggested threat intel framework against currently available environments and tools. If you put it up front, it should help build the narrative as to why your work is needed.