Six pre-configured threat feeds, 50K+ IOCs indexed locally, bulk checking, and automated threat briefings. All the intelligence your team needs, aggregated in one place. No cloud.
The Problem
Threat intelligence is scattered across dozens of feeds, formats, and vendors. AlienVault OTX uses one format. URLhaus uses another. CISA KEV publishes a catalog. Emerging Threats publishes rulesets. Your team needs all of it, but nobody has the time to aggregate, normalize, deduplicate, and make it actionable.
Enterprise TI platforms cost $50K+ per year and require dedicated analysts. Recorded Future, Mandiant, and ThreatConnect are built for large SOCs with full-time intelligence teams. Small and mid-size security teams end up with a bookmarked list of dashboards they check manually -- if they check them at all.
BTA ThreatFeed aggregates six major open-source intelligence feeds into a single local database. IOCs are normalized, deduplicated, and searchable. Bulk-check a list of indicators in seconds. AI generates threat briefings from aggregated data. No $50K platform. No cloud upload.
Features
Aggregate, search, check, and brief. No cloud dependency.
Pre-Configured Feeds
Unified database for IP addresses, domains, file hashes, URLs, and email addresses. Normalized and deduplicated across all feeds. Full-text search with filtering by type, source, and date.
Paste a list of IPs, domains, or hashes and get instant results. Which indicators are known malicious? Which feeds flagged them? What's the associated malware family? Bulk check via UI or API.
Reference profiles for known threat groups: APT29, Lazarus Group, FIN7, Scattered Spider, and more. TTPs mapped to MITRE ATT&CK. Historical campaign timelines and targeting patterns.
Generate executive-ready threat briefings from aggregated intelligence. AI summarizes active campaigns, trending IOCs, and sector-specific threats. Export as PDF or Markdown for stakeholder distribution.
Create watchlists for specific indicators, threat actors, or malware families. Get notified when new intelligence matches your criteria. Integrates with BTA SIEM for automated correlation.
Feeds sync automatically on a configurable schedule. New IOCs are indexed and available for search within minutes. Historical data retained for trend analysis and retrospective investigation.
How It Works
Six pre-configured feeds begin syncing on first launch. AlienVault OTX, URLhaus, Feodo Tracker, CISA KEV, Emerging Threats, and PhishTank. Custom feeds can be added.
All indicators are normalized, deduplicated, and stored in a local SQLite database. No data leaves your machine. Search by IP, domain, hash, URL, or email in milliseconds.
Look up individual indicators or paste an entire list for bulk checking. API endpoint available for integration with SIEM, SOAR, and custom tooling.
AI analyzes aggregated intelligence and generates a threat briefing tailored to your industry and infrastructure. Export to PDF for executive distribution.
Pricing
Flat-rate pricing. All feeds included. No per-query charges.
BTA ThreatFeed is coming Q4 2026. Join the waitlist for early access.