Click any entity.
Get the full picture.

Every threat actor, malware family, tool, CVE, vendor, and technique mentioned anywhere on the platform has its own intelligence page. Built from the platform's own data, not a static reference book.

Browse entities How it works

The full intelligence page.

AI-generated overview, recent events, threat profile, and frequency tracking from first seen to last seen. Drawn from the intelligence the platform has collected on this entity, not from a third-party threat database.

The threat profile covers capabilities, delivery methods, targeted platforms, target regions, target sectors, common TTPs, associated campaigns, and associated CVEs. Every section is derived from co-occurrence in the cluster data.

Entity intelligence page click to expand
image · 1
Entity intelligence page
Entity page header with frequency, first seen / last seen, AI overview, threat profile.

Living, not static.

Every entity profile updates as new clusters land. New campaign mentioning this APT? It surfaces in the recent events block within minutes. New malware family observed in the same campaigns? It appears in the relationship graph on the next render.

Frequency charts plot mentions over time so you can see when an entity went quiet, when it returned, and when its activity spiked.

Entity frequency chart over time click to expand
image · 2
Frequency tracking
Sparkline or time-series chart of entity mentions per day, with "First Seen" and "Last Seen" markers.

Relationship graph.

Every entity page maps its connections to other entities visually. Which threat actors use which malware. Which malware targets which platforms. Which CVEs are associated with which campaigns.

Explore laterally across the graph to find connections that aren't obvious from reading individual clusters. A tool used by three unrelated APTs is a story; a malware family targeting the same six platforms across a year is a pattern.

Threat actors Malware Platforms CVEs
Relationship graph for an entity click to expand
image · 3
Relationship graph
D3 force graph with the central entity surrounded by connected APTs, malware, platforms, CVEs, and tools.

Searchable, browseable, exportable.

Search by name across every entity type. Browse by category, by frequency, or by recent activity. Export individual entity profiles as JSON, or pull the underlying relationship data via the REST API for downstream graph analysis.

For IOC-type entities (IPs, domains, hashes, emails, crypto wallets), the entity page also surfaces the AI confidence verdict and the underlying reason. See IOCs and Exports for the validation pipeline.

Entity search and browse click to expand
image · 4
Entity browser
/explore page with entity type filters, search bar, and entity cards in a grid.

More of the platform

Real-Time ClusteringHow the threat graph is built Exposure ManagementAsset inventory ranked by CISA SSVC Threat HuntingIndustry threat models with SIEM-ready queries IOCs and ExportsSTIX, MISP, SIEM ingestion ThreatCluster AIInvestigation assistant with inline citations CLI and HeadlessREST API, tc command, agent tool

Every entity. Every connection.
One page.

Drawn from the intelligence the platform has collected, not copied from a third-party reference book. Updates as the situation does.

Browse entities Read the brochure