Your feed.
Hyper specific.

Describe the feed in plain English. Attach the entities, sectors, and assets that matter to you. Get the only clusters you actually want to see, in a feed that's yours.

Build a feed How it works

Tell us what you care about.

Start with one sentence. "Ransomware activity against UK manufacturing." "CVEs in the products my top ten clients run." "Anything mentioning Scattered Spider, ALPHV, or their tooling."

AI translates that into a structured filter against the live entity graph. You see what got picked up, adjust if it missed something, and save. The whole loop is plain English in, working feed out.

Plain-English builder Structured filter Editable Saved per user
Plain-English feed builder click to expand
image · 1
AI feed builder
Modal showing a sentence prompt, the parsed entities/filters underneath, and a preview of the matching clusters.

Attach the entities you actually track.

Pin threat actors, malware families, vendors, products, CVEs, sectors, regions, or your own assets. The feed only fires on clusters that touch those entities, so you stop reading anything that isn't yours to read.

Mix and match entity types in one feed. A "client X exposure" feed might pin three vendors, two CVEs, and the actor groups known to exploit them. One feed, one tab, one story.

Entities attached to a custom feed click to expand
image · 2
Attached entities
Sidebar showing pinned entities in a feed: actors, malware, vendors, CVEs, with chips you can add or remove.

This is the actionable bit.

A global threat feed is interesting. A feed that only surfaces what affects your environment is actionable. The same cluster that's noise to everyone else is the one your client needs to know about today.

Custom feeds turn the platform from a reading list into a working surface. One per client, one per sector, one per investigation. Switch between them from the sidebar.

Per-client Per-sector Per-investigation Switchable
Custom feed showing only relevant clusters click to expand
image · 3
Actionable feed
Feed view filtered to a single client's pinned entities, with cluster cards in the main pane and the entity list on the side.

Built for MSSPs.

One feed per client. Each feed scoped to that client's asset list, vendors, and exposures. The analyst on the morning shift opens "Client A" and sees only Client A's world.

Feeds attach to the same per-customer scoping the rest of the platform uses, so workflows fired from a feed only ever route to that client's destinations. The right team gets the right alert, and nobody sees what they shouldn't.

One feed per client in the sidebar click to expand
image · 5
Per-client feeds
Sidebar listing custom feeds named after each client, with the active feed showing its scoped cluster list.

More of the platform

Entity IntelligenceProfile pages for every actor, malware, CVE, and tool WorkflowsTriggers, actions, per-customer scoping ReportsNotion-style editor with live blocks Real-Time ClusteringHow the feed itself is built IOCs and ExportsSTIX, MISP, SIEM ingestion CLI and HeadlessREST API, RSS, agent tool

One feed per client.
Built in a sentence.

Describe what you want to see. Pin the entities. Get the actionable, hyper-specific feed your team will actually open every morning.

Build a feed Read the brochure