Background Paths
Background Paths
Intelligence

Many sources. One feed.

The intelligence your analysts already monitor — normalised, correlated, tagged, and searchable from one console. Search any indicator, investigate any actor, and create reports without switching tools.

MITRE ATT&CK
MITRE D3FEND
STIX 2.1
TAXII 2.1
TLP 2.0
SIGMA
OpenIOC
CVE
CVSS v4
CWE
KEV Catalogue
Pyramid of Pain
ISO/IEC 27001
NIST CSF 2.0
ENISA
Diamond Model
MITRE ATT&CK
MITRE D3FEND
STIX 2.1
TAXII 2.1
TLP 2.0
SIGMA
OpenIOC
CVE
CVSS v4
CWE
KEV Catalogue
Pyramid of Pain
ISO/IEC 27001
NIST CSF 2.0
ENISA
Diamond Model
01The Feed

What your analysts see when they log in.

A live, severity-tagged, source-attributed feed — deduplicated across every source. Analysts click any item to investigate, pivot into related IOCs, or generate a report on the spot.

Illustrative Intelligence Feed
Sample · for illustration
CRIT
Active C2 callback detected — Finance sector
OSINTmoments ago ago
HIGH
Phishing kit impersonating a banking brand
OSINTmoments ago ago
HIGH
Emerging APT activity — regional targeting
OSINTminutes ago ago
MED
Exposed remote-access service — Government sector
OSINTminutes ago ago
CRIT
Credential exposure — Energy operator
Partnerminutes ago ago
CRIT
Critical vulnerability added to KEV catalogue
CVEminutes ago ago
02Capabilities

Six modes of intelligence, one analyst workflow.

IOC Vault

Structured indicators — IPs, domains, URLs, hashes, CVEs, emails — TLP-tagged, searchable, and exportable in STIX, CSV, and JSON for downstream tooling.

Threat actor library

Curated adversary catalogue with alias resolution. Recognise the same actor across naming conventions used by different research houses.

Domain reconnaissance

Permutation analysis surfaces typosquats, homoglyph attacks, TLD swaps, and brand impersonation across the public DNS estate.

Compromised credentials

Credential exposure monitored through authorised breach intelligence partners. Drill into individual exposures and cross-reference against rogue domain activity.

CVE & exploit tracking

Comprehensive vulnerability catalogue with KEV monitoring, CVSS scoring, known exploit availability, and attack-in-the-wild signals.

Multi-provider research

Analysts search once and get results from every connected provider in parallel. Public and licensed intelligence fused into a single answer — no tab-switching, no copy-paste.

03Who runs Heimdall

From CSIRTs to mobile-money fraud teams.

government
Government
National CSIRT, ministries, sovereign intelligence operations.
enterprise
Enterprise SOC
Senior analysts who want to search, investigate, and report from one workspace.
financial
Financial services
Banks, mobile money operators, payment processors.
telco
Telecommunications & Energy
Critical infrastructure operators with ICS / OT exposure.
critical
Critical infrastructure
Water, power, transportation. Air-gap-friendly deployments.

See your sector's feed.

Twenty-minute demo. Live data from your industry.