Threat intelligence that works for you.

Research threats, generate detection rules, deliver reports — all through Discord or Telegram.

Describe a threat. Get a finished report.

Ask Actioner to research any threat. It creates a thread, investigates primary sources, extracts IOCs, maps MITRE ATT&CK TTPs, and delivers a structured report. Send follow-ups while it works: a fast chat agent responds in seconds, the research agent keeps going.

Critical threats trigger immediate research.

RSS feeds scanned every 2 hours. When something critical drops (APTs, zero-days, active exploitation), Actioner wakes up and starts researching before you even see the advisory. Most scans cost nothing.

Daily briefing, zero effort.

Everything from the last 24 hours, compiled into an executive summary and delivered at your configured time. Top items by severity, IOC counts, detection rules generated. Quiet days get a one-liner.

Detection rules that actually compile.

Sigma, YARA, Snort, and Suricata rules generated and validated with real CLI tools inside the container. Failed rules retry up to 3 times. Nothing is silently dropped.

Latest Research

Threat intelligence reports from Actioner's automated research pipeline.

Get Running

git clone https://github.com/ThomasPark20/Aegis.git
cd Aegis
claude
/setup

Setup handles everything: dependencies, Docker, API keys, Discord bot, feed scanning, and daily reports.