Threat Intelligence Aggregator

The bulk import feature allows you to paste any text containing threat intelligence, such as security reports or IOC lists. The tool automatically extracts IP addresses, domains, URLs, hashes, and emails from the text using pattern matching, then adds them to your database with medium severity and manual-bulk source tagging.

You can export IOCs in four formats: CSV for spreadsheet analysis, JSON for programmatic use, plain text for simple lists, and STIX 2.1 for industry-standard threat intelligence sharing. STIX exports include TLP (Traffic Light Protocol) markings for data classification.

The confidence score (0-100%) indicates how reliable an IOC is based on its sources. Manually added IOCs receive 75% confidence by default, while bulk imports get 60%. IOCs from multiple sources receive higher confidence scores, and the score is automatically adjusted based on corroboration across different feeds.

Threat intelligence feeds are external sources that automatically provide updated IOC data. The Feed Management tab shows all configured feeds with their status, last update time, and IOC counts. You can add new feeds, trigger manual updates, and configure feed settings to customize data ingestion.

Yes, the Collections feature allows you to group IOCs by campaign, incident, or any custom criteria. Collections help organize your threat intelligence for specific investigations or use cases. Each collection tracks its IOC count and last update time, making it easy to manage multiple concurrent investigations.