Operating Picture
Apex Threat CTI — real-time situational awareness
Active Cases
2
+1 last 24h
IOCs in Queue
0
awaiting triage
Critical Verdicts
4
2 new this shift
ATT&CK Coverage
63%
+4% vs last week
IOC Volume — last 14 days (live chart; x-axis: -14d, -7d, today)
Source Health
Top Malware Families (7d)
| Family | Samples | Category | Trend |
|---|---|---|---|
Recent Activity
IOC Triage
Paste one indicator per line — IPs, domains, URLs, MD5/SHA1/SHA256.
Batch input
Verdict mix
Run a triage to see the verdict mix.
Results
0 indicators
| Indicator | Type | Verdict | Score | Sources | Context | Action |
|---|---|---|---|---|---|---|
| No results yet. | | | | | | |
Malware Sandbox — Static Analysis
Hash-intel fusion + static PE/PDF/Office indicator scoring. No live detonation.
Sample intake
Verdict
Submit a hash to see the verdict, severity, and family attribution.
Hash-intel sources
Awaiting sample.
Static indicators
PE header / imports / strings / entropy will appear here.
YARA-style tags
Capability tags will appear here.
ATT&CK techniques (inferred)
Technique mapping appears after analysis.
Phishing Analyzer
Paste raw headers — SPF / DKIM / DMARC evaluation, auth chain, embedded IOC enrichment.
Raw headers
Verdict
Awaiting headers.
Authentication
SPF / DKIM / DMARC results appear here.
Received chain
Hop-by-hop relay trace.
Extracted IOCs
Embedded URLs, IPs and attachments.
Domain Abuse Monitor
Watchlist-driven surveillance, lookalike / typosquat detection, reputation deltas.
Watchlist
5
active assets
Lookalikes (30d)
12
+3 this week
Confirmed abuse
2
takedown requested
Mean TTD
17m
↓ 8m vs last wk
Watched Assets
| Domain | Criticality | Lookalikes | Last check |
|---|---|---|---|
Detected Lookalike / Typosquat Domains
| Candidate | Target | Technique | Age | Verdict |
|---|---|---|---|---|
MITRE ATT&CK — Enterprise
Interactive tactic-by-technique matrix. Heatmap reflects observed techniques across your active cases.
Enterprise Matrix (Abbreviated)
cases
Heatmap legend: · none / Low / Medium / High
Diamond Model of Intrusion Analysis
Four-vertex view linking adversary, capability, infrastructure, and victim with confidence scoring.
Vertex Detail
Click a vertex to inspect its attributes.
Meta-features
Incident Response — NIST SP 800-61 Lifecycle
Six-phase workflow with evidence log, timeline, and detection handoff.
Phase Playbook
Evidence Log
| Time | Phase | Action | Operator |
|---|---|---|---|
Lockheed Martin Cyber Kill Chain
Map observed activity onto the 7-stage intrusion model. Drag observations into stages.
Observed Artifacts
Stage Detail
Click a stage to inspect detection + response guidance.
Case Management
Apex-managed investigations with analyst assignments, timeline, and evidence log.
All Cases
| Case ID | Title | Actor | Severity | Phase | Analysts | Opened |
|---|---|---|---|---|---|---|
Case Timeline
Analyst Roster
Mention analysts in timeline notes with @name.
Feeds & Sources
Configured intelligence providers and their current status.
Providers
| Provider | Category | Status | Key | Rate limit | Last used |
|---|---|---|---|---|---|
Pyramid of Pain
Classify indicators by the pain they inflict on adversaries. Higher = harder to change.
Indicators
Pain Distribution
Center-of-mass appears here after scoring.
MITRE D3FEND Pairings
Offensive ATT&CK techniques mapped to defensive countermeasures.
Technique ↔ Defense Pairings
| ATT&CK | Technique | D3FEND Tactic | Defensive Techniques | Priority |
|---|---|---|---|---|
VERIS / NIST CSF
Breach taxonomy (A4 axes) and NIST CSF v2.0 function coverage.
VERIS A4 Classification
actor: —
action: —
asset: —
attribute: —
Select a case to classify.
NIST CSF v2.0 Coverage
Detections Library
Generate Sigma, KQL, SPL, Snort, and YARA from an ATT&CK technique.
Sigma
KQL (Sentinel)
SPL (Splunk)
Snort / Suricata
YARA
Sigma
Pick a technique and click Generate.
ATT&CK Coverage Heatmap
Detection coverage across the 14 Enterprise tactics.
Live Ops & Automation
Scheduled re-triage, watchlist, SOAR playbooks, IOC age-out.
Watchlist
| Indicator | Added | Last seen | Status |
|---|---|---|---|
Scheduled Re-triage
| Name | Cadence | Target | Next run |
|---|---|---|---|
SOAR Playbooks
| Playbook | Input | Started | Status |
|---|---|---|---|
IOC Age-out
Indicators older than 30 days are flagged stale.
Reports & Sharing
STIX 2.1 bundles, MISP events, TLP redaction, executive brief.
STIX 2.1
MISP Event
Exec Brief
TLP Redact Preview
STIX 2.1
Select a case and click Generate.
Blocklist
Curated IP/CIDR blocks with reason, severity, TTL, and analyst audit trail.
Active
0
Critical
0
Expiring <7d
0
Historical
0
Blocked Indicators
| IP / CIDR | Severity | Reason | Analyst | Tags | Added | Expires | Status |
|---|---|---|---|---|---|---|---|
Audit Log
| When | Action | IP | Analyst | Reason |
|---|---|---|---|---|
Export Preview
Pick a format and click Export.
Settings
Analyst preferences, API keys, and integration points.