Workflow
Threat intelligence tools for analysts
Threat intelligence tools should help analysts move from raw indicators to decisions: enrichment, pivots, context, confidence, and actionability. This category groups tools that support IOC triage, infrastructure investigation, malware context, exploited vulnerability prioritisation, and adversary behaviour mapping.
Curated list
Threat Intelligence tools
Compare by purpose, pricing, tags, and investigation workflow. These are not ranked yet — the goal is to help pick the right tool for the job.
A browser-based URL analysis platform for screenshots, DOM, network requests, certificates, redirects, and phishing investigations.
Aggregates detections and relationships across many security vendors. Useful for reputation checks and pivoting from IOCs into related infrastructure.
A common language for adversary behavior, useful for detection coverage, threat modeling, CTI reports, and SOC workflows.
A public reporting and investigation platform for crypto scams, fraud, malicious wallet activity, and Web3 abuse reports.
Authoritative catalog of vulnerabilities known to be exploited in the wild. Useful as a prioritization signal for vulnerability response.
abuse.ch project for malware sample submissions, hashes, tags, families, and related intelligence useful for defenders and researchers.