Logic Layer Solution
logiclayersolution.uk
Threat Intelligence · 2025

Aegis — threat intelligence platform

Threat-intel platform unifying STIX/TAXII feeds with a graph explorer and analyst workbench.

Client: Aegis Security
Industry: Cyber threat intel
Duration: 22 weeks
Year: 2025
sec.aegis / audit-report
Hardening report: all severities closed (Pass)
Critical 0 · High 0 · Med 0 · Low 0
Findings (status):
  • Outdated TLS 1.0 endpoint detected (Fixed)
  • Missing CSP on /admin (Fixed)
  • Stale dependency: lodash 4.17 (Patched)
  • MFA recommended for service accts (Enforced)
Fig. 01 — Production UI · 2025 · Aegis Security
Stack: Threat-intel · STIX · Graph
Scope
  • Threat graph engine
  • STIX/TAXII ingest
  • ATT&CK overlay
  • Analyst workbench
The challenge

What they needed to solve.

Analysts juggled MISP, Splunk, and email PDFs. Time-to-IOC enrichment was 22 minutes per indicator.

Our solution

How we approached it.

Unified graph explorer, ingest pipeline for 38 feeds, analyst workbench with annotation, MITRE ATT&CK overlay.

Web design

Design decisions.

Palette
#0a0e14
#1a212b
#e0622a
#ef4444
#22d3ee
Typography
  • Inter — UI
  • Geist Mono — IOCs
  • IBM Plex Sans — narrative
Layout system

Graph-first canvas, severity-tinted edges, dense IOC tables.

Design highlights
  • Graph at 5k nodes 60fps
  • MITRE ATT&CK heatmap overlay
  • Annotation diff between analysts
Before · After

What changed.

sec.aegis / audit-report

Before
Audit findings: 0 of 12 remediated (Fail)
Critical 3 · High 4 · Med 3 · Low 2
Findings (status):
  • SQLi in checkout.php?id= (Open)
  • XSS reflected on /search (Open)
  • Open S3 bucket: backups-prod (Open)
  • Weak admin password policy (Open)

After
Hardening report: all severities closed (Pass), the same report shown in Fig. 01.

Fig. 02 — Before / after comparison · Aegis Security
Before

MISP + Splunk + email PDFs, manual ATT&CK mapping.

TTE: 22 min
Feeds unified: 5
Analyst NPS: 18
ATT&CK auto: 0%
After

Unified graph, 38 feeds, automated ATT&CK overlay.

TTE: 90s
Feeds unified: 38
Analyst NPS: 56
ATT&CK auto: 94%
Results

What we measured.

01. TTE 22m → 90s
02. 38 feeds unified
03. Analyst NPS up 38 points
04. ATT&CK mapping automated