Threat Intelligence Overview
The Threat Intelligence module provides contextual intelligence about threat actors, malware, ransomware groups, attack campaigns, and vulnerabilities relevant to your organization and industry. Unlike reactive security monitoring, this module helps you understand who is likely to target you, what tools they use, and where your exposure lies -- so you can prioritize defenses before an attack occurs.
Overview

Hero Metrics
Four clickable summary cards across the top of the dashboard. Each navigates to its respective module when clicked.
| Metric | What It Measures |
|---|---|
| Threat Actors | Total number of tracked APT groups and cybercriminal organizations in the database |
| Malware | Total number of malware families cataloged |
| Ransomware | Total number of ransomware groups tracked |
| ATT&CK Techniques | Total number of MITRE ATT&CK techniques mapped to known threat actors |
Dashboard Sections
Executive Threat Briefing
A three-panel section at the top providing at-a-glance intelligence:
- Threat Exposure Gauge -- A visual gauge showing your organization's overall threat exposure level based on sector targeting, CVE matches, and actor activity
- Sector Comparison -- How your sector's threat landscape compares to other industries
- Threat Score Trend -- Line chart showing your threat exposure score over time
Your Threat Profile
Personalized to your organization's industry sector. Displays:
- Actors targeting your sector -- Count of threat actors known to target your industry
- Campaigns in last 30 days -- Number of recent campaigns relevant to your sector
- Top Actors table -- A ranked list of the most relevant threat actors with their country, motivation, malware count, and campaign count. Click any actor to view their full profile.
Your Exposure
Cross-module correlation that connects threat intelligence to your actual attack surface:
- Products Detected -- Technologies found in your infrastructure during asset discovery
- Matching CVEs -- CVEs that affect your detected technology stack
- Critical -- Count of critical-severity CVEs in your exposure
- Actively Exploited -- CVEs in CISA's KEV catalog that match your stack
- Threat Actors -- Actors known to exploit CVEs matching your technology
- Top Risks -- The highest-priority CVEs, showing CVE ID, CVSS score, severity, KEV status, affected vendor/product, asset count, and associated threat actors
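The correlation behind these figures, sketched as an added Python example (not ShadowMap's own code): it joins discovered products to CVE records, KEV membership, and actor-to-CVE mappings to produce the counts listed above. All data, field names, and the Top Risks ordering (KEV first, then CVSS score, then asset count) are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample data: placeholder CVE IDs, vendors, hosts and actors.
ASSETS = {  # host -> (vendor, product) pairs found during asset discovery
    "web-01": {("examplevendor", "webserver")},
    "web-02": {("examplevendor", "webserver")},
    "vpn-01": {("samplecorp", "vpn-gateway")},
    "db-01": {("acme", "database")},
}
CVES = [
    {"id": "CVE-0000-0001", "cvss": 9.8, "product": ("examplevendor", "webserver")},
    {"id": "CVE-0000-0002", "cvss": 7.5, "product": ("samplecorp", "vpn-gateway")},
    {"id": "CVE-0000-0003", "cvss": 9.1, "product": ("acme", "database")},
    {"id": "CVE-0000-0004", "cvss": 8.8, "product": ("othervendor", "mailserver")},
]
KEV = {"CVE-0000-0002"}  # stand-in for IDs listed in CISA's KEV catalog
ACTOR_CVES = {"ACTOR-A": {"CVE-0000-0001", "CVE-0000-0002"}, "ACTOR-B": {"CVE-0000-0002"}}

def severity(cvss):
    # CVSS v3.x qualitative severity bands
    for floor, name in ((9.0, "critical"), (7.0, "high"), (4.0, "medium"), (0.1, "low")):
        if cvss >= floor:
            return name
    return "none"

def exposure(assets, cves, kev, actor_cves):
    hosts_by_product = defaultdict(set)
    for host, products in assets.items():
        for product in products:
            hosts_by_product[product].add(host)
    risks = []
    for cve in cves:
        hosts = hosts_by_product.get(cve["product"])
        if not hosts:
            continue  # CVE does not touch the detected stack
        risks.append({
            "cve": cve["id"], "cvss": cve["cvss"], "severity": severity(cve["cvss"]),
            "kev": cve["id"] in kev, "product": cve["product"], "asset_count": len(hosts),
            "actors": sorted(a for a, ids in actor_cves.items() if cve["id"] in ids),
        })
    # Assumed ordering: actively exploited first, then CVSS, then breadth of exposure.
    risks.sort(key=lambda r: (not r["kev"], -r["cvss"], -r["asset_count"]))
    return {
        "products_detected": len(hosts_by_product),
        "matching_cves": len(risks),
        "critical": sum(r["severity"] == "critical" for r in risks),
        "actively_exploited": sum(r["kev"] for r in risks),
        "threat_actors": len({a for r in risks for a in r["actors"]}),
        "top_risks": risks,
    }
```

With this ordering, a high-severity CVE that is in KEV outranks a critical one that is not, which reflects prioritizing by observed exploitation rather than score alone.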
Analytics Cards
Two pairs of horizontal bar charts:
- Top Threat Actors by Country -- Which nations host the most tracked threat actors
- Actors by Motivation -- Breakdown by motivation (financial, espionage, disruption, ideology)
- Trending Actors (30 days) -- Actors with the most recent campaign activity (clickable to view profile)
- Trending Malware (30 days) -- Malware families appearing in the most recent campaigns
Recent Campaigns
A table of the latest attack campaigns with quick navigation to the full Campaigns view.
Modules
| Module | Description |
|---|---|
| Threat Actors | APT groups and cybercriminal organizations |
| Malware | Malware families and their capabilities |
| Ransomware | Ransomware groups, victims, and activity |
| Campaigns | Active attack campaigns and operations |
| Indicators of Compromise | IOCs for threat hunting and detection |
| Vulnerabilities (CVEs) | CVEs relevant to your environment |
| MITRE ATT&CK | ATT&CK framework mapping for threats |
Data Sources
ShadowMap aggregates threat intelligence from MISP (Malware Information Sharing Platform) and other curated feeds to provide actionable context. IOC data is continuously synchronized from MISP galaxy clusters.
Related
- Threat Feeds -- News and regulatory intelligence feeds
- Alerts -- Configure alerts based on threat intelligence findings
- Dashboard Overview -- Organization-wide security posture
- Dark Web Overview -- Dark web monitoring complements threat intelligence
