Threat Intelligence
Threat intel as an input to your queue — not another console.
What this replaces
Threat feeds pile up in a separate tool while the vulnerability queue is prioritized by CVSS alone — so known-exploited issues wait behind theoretical criticals.
What Offload does
Indicators ingested from nine external providers, IOCs managed with confidence and aging, actors and campaigns modeled in STIX 2.1 — and correlated onto the platform's own findings to sharpen prioritization.
What you get
- Nine live providers: CISA KEV, AlienVault OTX, Abuse.ch, Feodo Tracker, SSL Blacklist, PhishTank, Blocklist.de, Spamhaus DROP, OpenPhish
- Per-team encrypted API keys for authenticated feeds
- IOC management with confidence, severity, aging, and IOC-to-finding correlation
- Vulnerability prioritization with threat context applied to your own queue
- STIX 2.1 threat actors and campaigns with kill-chain, TLP, and MITRE mapping
- MITRE ATT&CK heatmap from ingested actor techniques
- Alert rules, threat hunting, and landscape reports
How it works
Feeds are pulled through a provider factory with real ingestion and per-provider parsers; failures are classified rather than silently swallowed. Indicators age so stale intelligence decays.
Correlation runs against unified findings: a KEV or IOC match on one of your vulnerabilities raises its priority in the queue your team already works from.
One platform, one risk view
Threat context enriches unified vulnerability management and the risk register, powers the MITRE heatmap, and can trigger central alerts.