Threat Intelligence

Threat Feed

Our Threat Feed service specializes in monitoring Command and Control frameworks like Cobalt Strike, Metasploit, Sliver, Viper, Mythic, Havoc, Meterpreter, and more. 

This feed comprises lists of IP addresses designed for the detection/blocking of egress traffic. Additionally, as an Add-On to this service, we offer IP and Port combinations to enhance your threat detection capabilities.

Private Threat Briefs

This service encompasses over 25 private reports annually. These reports follow a format similar to our public reports but are more concise in nature. In contrast to our public reports, these briefs are typically released shortly after an intrusion. An example Threat Brief can be found here.

All Intel

Our comprehensive All Intel service includes the Threat Feed, Private Threat Briefs, exploit events, long-term infrastructure tracking, clustering, Cobalt Strike configurations, C2 domains, and a curated collection of intelligence, which includes non-public case data.


Pricing is dependent on use. Please Contact Us for pricing and/or questions.

Threat Intel Platform
Our Threat intel is made available using MISP which can be accessed via web app, API, or MISP Sync. The intel can be exported to txt, csv, STIX, MISP, etc. as needed to import into your IDS, SIEM, EDR, SOAR, XDR, etc. If you require assistance with the setup in your environment, we are here to support you every step of the way.