Threat Intelligence
Real-time threat monitoring & IOC tracking
PLATFORM FEATURES

Features

ThreatWatch consolidates threat intelligence from trusted sources, filters it to your environment, and delivers it through the channels you prefer.

ASSET MATCHING

Asset-Aware Threat Management

Match live threats to the technology you actually run

Asset Inventory

Track your assets manually, via SBOM (CycloneDX / SPDX), smart import, or scanner import (Tenable, Qualys, Rapid7) — then auto-match CVEs, KEV and advisories to each asset.

Exploit Intelligence

CISA KEV, EPSS exploit-probability and exploitation-maturity signals rank what's actually being attacked first — with live GreyNoise active-exploitation lookups on Enterprise.

Risk Scoring

Severity-weighted match scoring with internet-facing exposure and business-criticality context.

REPORTING

Reporting, Compliance & Remediation

From findings to audit-ready evidence

Posture & PDF Reports

A full library of report types — executive, posture, compliance, asset-inventory, remediation-SLA, exposure and more — with narrative, charts and one-click PDF export.

Compliance Mapping

Findings map to SOC 2, ISO 27001, PCI DSS and NIST CSF controls, with evidence push to ClearTrust GRC.

Remediation & Integrations

Owner-aware remediation with SLAs, bulk actions and MTTR tracking — plus Jira ticketing, Slack and Microsoft Teams via the RogueLogics platform integrations hub.

COMPLIANCE

Threat Aggregation

All your intelligence in one place

CISA KEV Catalog

Real-time tracking of CISA's Known Exploited Vulnerabilities — the threats actively being used in the wild.

NVD / CVE Database

Continuous monitoring of the National Vulnerability Database for newly published CVEs with CVSS scoring.

CISA Advisories

Critical cybersecurity alerts, advisories, and ICS-CERT notifications from CISA.

GitHub Advisory Database

Reviewed security advisories from GitHub covering open-source package vulnerabilities across all ecosystems.

URLhaus Malicious URLs

Active malicious URL tracking from abuse.ch — detect malware distribution and phishing sites in real time.

Feodo Tracker Botnets

Botnet command & control server intelligence from abuse.ch — track Emotet, TrickBot, QakBot and more.

THREAT INTEL

Smart Filtering & Customization

Only see what matters to you

Environment Filters

Filter by cloud, on-premises, hybrid, or containerized environments to focus on relevant threats.

System & Platform Targeting

Choose specific platforms — Windows, Linux, macOS, network devices, web applications, and more.

Severity Thresholds

Set your minimum severity level. Get alerted for critical and high only, or include medium and below.

Custom Rules (Enterprise)

Define custom matching rules based on keywords, vendor names, or specific CVE patterns.

ALERTING

Notification Channels

Get alerted where you work

Email Digests

Daily or weekly email summaries with threats ranked by severity and relevance to your filters.

Slack Integration

Push alerts directly to your Slack channels with severity badges and one-click dashboard links.

Microsoft Teams

Adaptive card notifications in Microsoft Teams with threat details and action buttons.

In-App Notifications

Full notification center in your ThreatWatch dashboard with read/unread tracking.

WHAT'S NEXT

Coming Soon

Capabilities rolling out across the RogueLogics platform

Unified Inbox & Reports

Coming soon

See ThreatWatch's critical matches, known-exploited CVEs, and overdue remediation in one platform-wide inbox — alongside every other RogueLogics app — with a shared report center.

Install & Push Notifications

Coming soon

Add ThreatWatch to your desktop or phone home screen and opt in to push alerts, so urgent threats reach you even when the app isn't open.

Host-Level CVE Resolution

Coming soon

Resolve installed-package manifests from credentialed host scans straight to CVEs, sharing ThreatWatch's version-aware matching engine with BreachLens host scanning.

Exploited-in-the-Wild Prioritization

Coming soon

A KEV / EPSS ribbon flags the CVEs attackers are actively exploiting, so your queue surfaces the threats with real-world exploitation first.

IOC Feeds to Threat Hunting

Coming soon

Curated indicator-of-compromise feeds export to SentinelOps for retro-hunting and detections, turning ThreatWatch intelligence into active SOC detections.

GET STARTED

Ready to Get Started?

Start with our Free plan — no credit card required.