Reports that
stay current.

Threat reports go stale on the day you write them. ThreatCluster reports are live. Dynamic blocks re-fetch on every render, so a weekly brief you built six months ago opens with this week's activity.

Open the page How it works

Notion-style editor.

Familiar block editor. Headings, lists, paragraphs, quotes, code, images, the same building blocks any analyst already knows. Slash commands open the block picker. Drag to reorder.

Every report block carries a stable ID, so reorders and edits don't break the underlying data refresh. Save, close, come back tomorrow, the report is exactly where you left it.

Notion-style report editor click to expand
image · 1
Editor
Notion-style editor with slash menu open showing AI / Headings / Lists / Blocks.

Dynamic content blocks.

Drop in blocks that stay in sync with your live data. Threat feed, dark web activity, CVE watch, trending entities, key statistics, trend charts, breakdowns by region or sector, AI-generated narrative sections.

Every block re-fetches at render time. A weekly brief you built six months ago reports on this week's activity. Set it up once, it stays current.

Threat feed Dark web CVE watch Trends
Dynamic content block picker click to expand
image · 2
Dynamic block picker
Block menu showing Threat Feed / Dark Web Activity / CVE Watch / Trending Entities / Key Statistics / Breakdown / Trend.

Pick a layout.

Built-in templates for executive briefings (business-framed, KPI-led, low jargon), technical deep-dives (IOC tables, CVSS / EPSS, MITRE mappings, detection guidance in Sigma / KQL / SPL), incident reports (timeline-driven, evidence-anchored), and MSSP customer briefings (white-labelled, scoped to the client's estate).

Save your own layouts and reuse them. New report from a saved template starts pre-populated with the blocks and structure you've already validated with stakeholders.

Pick a layout dialog click to expand
image · 3
Layout picker
Modal with template cards: Blank, Incident Report, Vulnerability Advisory, Weekly Threat Brief, Executive Briefing, plus saved templates.

Sharing modes for every audience.

Private drafts visible only to the author. Restricted access by invited email (login required). Public web URL with no login required. PDF export, Markdown / HTML export, or direct email send.

Customer-scoped reports prompt for confirmation before going public, so a client briefing doesn't get accidentally exposed via a shareable link.

Share Report modal with Private / Restricted / Public click to expand
image · 4
Share modal
Three radio options (Private, Restricted, Public), shareable link, invite-by-email field.

White-label and scheduled delivery.

Tag a report with a managed customer and the customer's name, logo, brand colours, and contact details replace ThreatCluster's everywhere. Rendered HTML, PDF headers, email from-line. One analyst, ten branded briefings on a Monday morning.

Schedule delivery daily, weekly, monthly, or quarterly. Pick a time of day, pick recipients, pick whether to send a viewable link or a PDF attachment. Reports re-render at send time so what lands in the inbox is current.

Send Report dialog with frequency and time selectors click to expand
image · 5
Schedule dialog
Send Report modal with recipient list, viewable-link / PDF toggle, frequency dropdown, time-of-day picker.

More of the platform

Exposure ManagementAsset inventory ranked by CISA SSVC Threat HuntingIndustry threat models with SIEM-ready queries Dark Web MonitoringIn-house collection across leak sites and forums IOCs and ExportsSTIX, MISP, SIEM ingestion WorkflowsTriggers, actions, per-customer scoping For MSSPsPer-customer scoping across the platform

Stop rewriting
last week's report.

Set up the report once, schedule it, and let the dynamic blocks do the refresh. White-label per customer for a Monday morning that doesn't start with a copy-paste.

Open the page Read the brochure