17 entity types.
Automatically extracted.

Every article is enriched with threat actors, malware, CVEs, TTPs, IOCs, and more. No manual tagging required.

Browse Entities Learn More

Extraction

What Gets Extracted

Our AI models extract these entity types from every article:

Threat Actors

APT Groups

State-sponsored threat actors

APT29, Lazarus Group, Volt Typhoon, Scattered Spider, APT28

Ransomware Groups

Ransomware-as-a-service operators

LockBit, BlackCat, Cl0p, Play, Akira, 8Base, Medusa

Campaigns

Named threat operations

Operation Triangulation, SolarWinds, Log4Shell exploitation

Malware & Tools

Malware Families

Malicious software strains

Cobalt Strike, AsyncRAT, Emotet, QakBot, IcedID

Tools

Offensive security tools

Mimikatz, Metasploit, Impacket, BloodHound, PowerSploit

Attack Types

Attack methodologies

Phishing, DDoS, Supply Chain, Zero-Day, BEC

Vulnerabilities & TTPs

CVEs

Common Vulnerabilities and Exposures

Extracted with severity scores and exploitation status when available

MITRE ATT&CK TTPs

Tactics, Techniques, and Procedures

T1566 Phishing, T1059 Command Execution, T1486 Data Encrypted for Impact

Indicators of Compromise (IOCs)

IPv4/IPv6

C2 servers, malicious IPs

Domains

Malicious domains, phishing

File Hashes

MD5, SHA1, SHA256

URLs

Malicious endpoints

Context & Attribution

Companies

Targeted organizations

Industries

Healthcare, Finance, Gov

Countries

Geographic targeting

Platforms

Windows, Linux, Cloud

How It Works

How Entity Extraction Works

01

AI Analysis

Fine-tuned models analyze article content, understanding context and relationships between entities.

02

Validation

Extracted entities are validated against known databases (MITRE, NVD, threat actor databases).

03

Linking

Entities are linked across articles, building a knowledge graph of threat relationships.

Use Cases

Use Cases

Threat Hunting
Search for specific IOCs, malware families, or threat actors across all ingested articles.
IOC Collection
Export IPs, domains, and hashes from threat clusters to feed into your SIEM or firewall.
TTP Mapping
Understand attack patterns with MITRE ATT&CK mappings. Export to ATT&CK Navigator.
Attribution Research
Track threat actor evolution over time. See all articles mentioning a specific APT or campaign.
Vulnerability Tracking
Monitor CVEs from first disclosure to active exploitation. Get the full context from multiple sources.
Industry Monitoring
Filter threats by industry to focus on attacks targeting your sector.

Explore Extracted Entities

Browse threat actors, malware families, CVEs, and IOCs extracted from thousands of threat intelligence articles.

Browse Entities View Pricing