Profile
Quick Setup
Quickly configure your industry, platforms, locations, and threat actor interests
Subscription
Loading subscription info...
Current Plan
Grace Period Active
You have 30 days of access remaining. Subscribe to a plan to maintain your access.
Today's Usage
Cluster Views
0
Entity Views
0
Reports
0
Tracked Interests
0
Available Plans
Choose the plan that fits your threat intelligence needs
Dark Web Monitoring
Loading settings...
Dark Web Monitoring Requires Paid Subscription
Researcher and Business or MSSP tier subscribers can track ransomware victims and credential leaks for their organization.
Upgrade SubscriptionOnly organization owners and admins can change these settings.
Configure your company details for dark web threat monitoring
Used to monitor ransomware victims and breach mentions
Used to monitor leaked credentials from this domain
Flag anything across ransomware victims, groups, markets, and breaches that mentions these terms (e.g. supply chain). Case-insensitive, partial matches. Up to 100 keywords.
Tracked Entities
Pick the companies, platforms, threat actors, and other entities you care about. We'll tailor your threat feed to match.
Popular in this category
Your Tracked Entities
Blocked Entities
Clusters mentioning these will be hidden from all feeds
Custom Feeds
Create custom feeds to track specific entities. Each feed can have its own set of keywords for targeted monitoring.
Your Feeds
Feed Digest
Send scheduled digests from your custom feeds to team recipients, branded with your organization logo.
New Feed Digest
GPT will analyze all recent clusters and select those matching your prompt.
Looks back 24 hours for matching threats
No feed digests configured. Create one to start sending scheduled digests to your team.
In-App Notifications
Control which notifications appear in your notification bell.
Webhooks
Loading webhooks...
Webhooks Require Paid Subscription
Researcher and Business or MSSP tier subscribers can receive real-time notifications when tracked entities appear in new threat clusters.
Upgrade SubscriptionReceive real-time notifications when your tracked entities appear in new threat clusters.
We'll sign payloads with this secret using HMAC-SHA256
Your Webhooks
View example payload
{
"event": "cluster_match",
"timestamp": "2026-01-31T12:00:00Z",
"cluster": {
"id": "abc123",
"title": "APT29 Targets Government Agencies",
"threat_score": 0.85,
"url": "https://threatcluster.io/cluster/abc123"
},
"matched_entities": [
{"type": "apt_group", "value": "APT29"},
{"type": "cve", "value": "CVE-2025-1234"}
]
}
Signature header: X-ThreatCluster-Signature: sha256=...
Alert Rules
Loading alert rules...
Alert Rules Require Paid Subscription
Researcher tier gets 3 alert rules, Business tier gets 25, MSSP gets custom limits. Create advanced notification rules with multiple conditions.
Upgrade SubscriptionCreate advanced notification rules with multiple conditions
CVE Alerts
Get notified when new CVEs match your criteria. Filters by vendor, severity, CVSS, EPSS, KEV status, public PoC, and more.
New CVE Alert
Workflows
Loading workflows...
Workflows Require Paid Subscription
Researcher tier gets 3 workflows, Business tier gets 25, MSSP gets custom limits. Automate threat intelligence actions with multi-step workflows.
Upgrade SubscriptionAutomate threat intelligence actions with multi-step workflows. Workflows trigger when new clusters match your conditions.
Credentials
Store encrypted credentials for HTTP request actions. Secrets are encrypted at rest and never displayed.
API Access
tc CLI gives agents scoped, short-lived bearer tokens.
Loading API access info...
API Access Requires a Paid Plan
Researcher, Business, and MSSP plans get programmatic access to ThreatCluster data via the REST API and tc CLI.
Upgrade SubscriptionUse your API key to access ThreatCluster data programmatically.
You don't have an API key yet. Generate one to get started.
Save Your API Key Now
This is the only time you'll see this key. Copy it and store it securely.
tc_live_...****
-
Never
0
Rate Limits
30 requests per minute. Exceeding this limit will result in 429 Too Many Requests responses.
RSS, MISP & IOC Feed Token
Loading feed token info...
Full Feeds Require Paid Subscription
Researcher and Business or MSSP tier subscribers get access to full RSS and MISP feeds with 50 items. Free users can access limited public feeds (10 items) at /feed.xml and /misp/.
Upgrade SubscriptionUse your feed token to access full RSS and MISP feeds (50 items) programmatically. Add the token as a query parameter (?token=YOUR_TOKEN) or X-Feed-Token header.
You don't have a feed token yet. Generate one to get started.
Save Your Feed Token Now
This is the only time you'll see this token. Copy it and store it securely.
tc_feed_...****
-
Never
0
Feed URLs (Researcher & above)
https://threatcluster.io/api/feed.xml?token=YOUR_TOKEN
https://threatcluster.io/api/misp/?token=YOUR_TOKEN
Public feeds (10 items) are available at /feed.xml and /misp/ without authentication.
Affiliate Program
Loading affiliate status...
Join our affiliate program and earn 30% commission on every referral's first month subscription.
Program Benefits
- Earn $9 for each Researcher tier referral ($29.99/mo)
- Earn commission for each Business or MSSP referral
- 30-day cookie tracking for referral attribution
- Real-time dashboard to track visitors, leads, and conversions
- No minimum payout threshold - withdraw after 30 days
By joining, you agree to our Affiliate Program Terms.
Share your referral link to earn 30% commission on every new subscriber's first month.
Your referral link will be available in your dashboard. Click "Open Dashboard" below to get your link.
Your Stats
0
Visitors
0
Leads
0
Conversions
Access your full affiliate dashboard for detailed stats, payouts, and more.
Member since: -
Unable to load affiliate status. Please try again later.
Pending Invitations
Join Organization
Your email domain matches an organization that allows auto-join:
Organization
You are not currently a member of any organization. Organizations are managed by ThreatCluster administrators. If you believe you should be part of an organization, please contact your account manager.
Members
Leave Organization
You will lose access to all organization resources.
Customers
Manage customers you provide CTI services to
Add Customer
Feed Digest Subscriptions
Send daily digests from your custom feeds to customer recipients, branded with their logo.
New Feed Digest
GPT will analyze all recent clusters and select those matching your prompt.
Looks back 24 hours for matching threats
No feed digests configured. Create one to start sending branded daily digests to your customers.
CLI
Loading CLI setup…
Danger Zone
Permanently delete your account and all data