Research. Report. Hunt.

Turn threat signals into defender-ready reports.

HuntScope helps security teams research threat activity, create focused briefs, and turn findings into practical hunt hypotheses.

Built for defensive threat research, reporting, and hunt creation.
Research: Enrich CVEs, actors, stories, and ATT&CK techniques with trusted sources.
Report: Create audience-aware briefs for executives, SOC analysts, responders, and customers.
Hunt: Convert threat behavior into hypotheses, telemetry needs, and starter queries.

Backend Status

Use Check Feed Status to verify NVD, CISA KEV, MITRE ATT&CK, OTX configuration, and the report database.

Threat Actor Research

Profile actors by aliases, TTPs, exploited CVEs, recent activity, and key takeaways.

Vulnerability Research

Check CVE metadata, NVD severity, CISA KEV presence, affected software, and exploitation status.

Hunt Builder

Convert actor behavior and ATT&CK techniques into a hypothesis, data source, and starter query.

Weekly Security Stories

Track breach-focused news, extract technical details, and route stories into actor or CVE research.

Report Library

Save generated briefs and hunt hypotheses to a searchable local database.

Guided Flow

Create Report

1. Scope 2. Signal 3. Generate 4. Review


Product Notes

Extracted Functionality and Recommendations

Functionality Extracted

  • Threat actor profile generation with names, aliases, TTPs, CVEs, and takeaways.
  • CVE research flow using NVD and CISA KEV as authoritative checks.
  • Threat hunt hypothesis builder grounded in MITRE ATT&CK technique selection.
  • Weekly breach-story triage from security news sources, excluding broad trend reports.
  • Structured outputs that can be copied into reports, tickets, and knowledge bases.

Recommended Improvements

  • Add source citations and retrieval timestamps to every answer.
  • Separate analysis from confidence level so readers can distinguish facts, vendor attribution, and inference.
  • Use live connectors for CISA KEV, NVD, MITRE ATT&CK, OTX, vendor advisories, and trusted news feeds.
  • Add moderation and safety guardrails so the app supports defensive research without providing offensive instructions.
  • Introduce community submissions with review status, duplicate detection, and visible provenance.
  • Export briefs as Markdown, PDF, STIX-like JSON, Sigma/YARA placeholders, or case-management notes.
  • Add saved collections for actors, CVEs, incidents, hunts, and source watchlists.