DarkStar Research · Platform Overview

ΛPERTURE Threat Intelligence Platform

Context is power.

The threat intelligence platform that turns raw threat data into prioritized, actionable intelligence, enriched against global sources and cited to evidence, automatically.

Built for CTI analysts, SOC teams, and security leaders who are drowning in feeds but starving for signal.

Built-in tools

BaitBox · narfAI · Skills & Loadouts · PIR & Intel · OSINT & API · Investigations · Proactive Hunt · ChainTrace

Your current threat intel stack gives you reports. Aperture gives you context.

Instead of juggling feeds, PDFs, and pivot tabs, Aperture automatically processes, enriches, and correlates global threats, then routes only what matters to your environment.

01 · The Story

Scenario: an analyst's week

Priority Intelligence Requirements define what threats matter to your organization. Monday: you set a PIR. Thursday: you get an alert. Here's what happens in between.

PIR Lifecycle: "Enterprise VPN Gateways"
Day 1

Analyst action: Adds PIR "Monitor all enterprise VPN gateway vulnerabilities".

System begins watching global feeds for this pattern. Proactive Hunt generates targeted search queries.

Day 2–3

Proactive Hunt: Automated search cycles run every 4–6 hours, scanning the web for VPN gateway content beyond your RSS feeds.

New sources discovered and ingested into the pipeline automatically.

Day 4

NEW INTEL DROPS: CVE-2026-1337 (Critical VPN Gateway RCE)

00:00 Collection: Signal detected in feed.
00:12 Extraction: Severity 9.8 extracted. Versions 10.0 – 10.2 identified.
00:24 Enrichment: NVD queried. Exploits searched. TTPs (T1190) mapped.
00:58 Deep Research: narfAI finds 3 related threat actor campaigns.
01:16 PIR MATCH: Matches "Enterprise VPN Gateways" → alert triggered.
01:26 Delivered: Analyst receives enriched brief with remediation steps.

Total time: 86 seconds. Zero human intervention required.

02 · Who It's For

Built for the teams that need it most.

CTI Analysts

Pain point

Too many feeds, not enough time to analyze them all.

Solution

Automated enrichment + narfAI research partner.

SOC Teams

Pain point

Alert fatigue and lack of threat context.

Solution

PIR-based filtering. Only relevant alerts.

MSSPs

Pain point

Scaling intelligence across multiple clients.

Solution

Multi-tenant, automated processing.

Security Leaders

Pain point

Lack of visibility into the threat landscape.

Solution

Executive briefs and trend analysis.

03 · Inside The Engine

From raw feeds to prioritized intelligence.

Threats are processed automatically: who is targeting what, how, and where. A continuously updated picture of your threat landscape, with every claim traced to source.

  1. Continuous Polling + Proactive Hunt

    Monitors threat feeds, advisories, and dark web sources 24/7. Proactive Hunt goes beyond your feeds, searching the web for threats matching your PIRs.

  2. Correlation & Enrichment

    Agents extract STIX objects, map TTPs, enrich every indicator, and stitch threats to actors and campaigns.

  3. Delivery

    You get processed intelligence and a research partner that cites its work.

Aperture Pipeline view

Ingest: Global feeds polled and deduplicated · 14 sources
Hunt: Proactive search beyond your feeds · 3 new URLs
Normalize: Intel feeds processed and structured · 42 feeds
Extract: STIX objects and TTPs mapped by agents · 12 objects
Score: Quality and confidence assessment · 0.89 conf.
Deliver: PIR match, cited brief routed to the team · APT29 · brief sent

Stop drowning in feeds. Start making decisions.

Aperture does the reading so your analysts can do the thinking.

04 · Capabilities

Built for real-world cybersecurity.

Real problems. Real solutions.

narfAI Research Partner

Legacy platforms give you dashboards. narfAI gives you a research partner.

It’s not just a chatbot. It’s a multi-agent system that reasons over your entire repository, correlates TTPs, and answers questions with full citations. It’s the difference between a library and a librarian.

Multi agent · Citation backed · Attribution

Proactive Threat Hunt

Don’t wait for threats to land in your feeds. Proactive Hunt goes out and finds them.

An automated search worker runs on a configurable schedule, generating queries from your PIRs and watchlists, scanning the web for emerging threats, and ingesting new intelligence directly into your pipeline. LLM-driven follow-up queries adapt to what it finds.

PIR-driven queries · Configurable schedule · Auto dedup · LLM follow-up

ChainTrace

Your vendors are part of your attack surface. ChainTrace maps and scores the risk.

AI-powered deep research evaluates third-party vendors, products, and software components. NIST-based risk scoring with historical trend analysis, and automatic correlation against your existing threat intelligence. Know your supply chain risk before it becomes your incident.

Vendor risk · NIST scoring · Deep research · Intel correlation

Priority Intelligence Requirements

Define what matters ("Healthcare", "Cobalt Strike"). We filter the noise and alert you only when it hits.

PIR matching · Noise filtering

Auto Enrichment

Every indicator is cross-referenced against global feeds, reputation DBs, and DNS telemetry instantly.

Reputation · DNS telemetry

BaitBox

Detonate suspicious URLs in a sandboxed environment. Screenshots, redirect chains, forensic analysis, SSL inspection, and AI-powered phishing verdicts with a confidence score.

URL detonation · Forensics · OSINT

Investigations

Team-scoped investigation workflows. Create cases, track evidence, manage findings, and collaborate with priority and status tracking across your team.

Case management · Evidence tracking

Skills & Loadouts

Modular analytical capabilities that power narfAI agents. Browse, create, and share skills across your team. Loadouts configure agent behavior for specific missions.

Modular · Shareable

Research & Knowledge Base

Build your personal threat research library. Save conversations, create notes, bookmark articles, and organize everything with folders, tags, and starred items.

Notes · Bookmarks

Detection Rules

AI-powered rule generation from threat intelligence. Sigma, YARA, Snort, Splunk SPL, and more. Generate, test, version, and deploy detection rules from IOCs and malware analysis.

Sigma · YARA · Snort

Intel Feed Hub

Manage threat actors, campaigns, malware families, vulnerabilities, and IOCs in one place. ATT&CK mapping, watchlists, and automated feed processing from RSS, API, and TAXII sources.

ATT&CK · Watchlists

05 · Platform

Everything you need. Nothing you don't.

A complete threat intelligence workflow, from ingestion to investigation to reporting.

Intel Feeds

RSS, API, TAXII ingestion

AI Agents

LangGraph orchestration

narfAI Chat

Research partner with RAG

BaitBox

URL detonation & forensics

PIR Management

Priority-based alerting

Investigations

Case & evidence tracking

Proactive Hunt

Automated threat search

Skills

Modular agent capabilities

Threat Actors

Actor profiles & tracking

Campaigns

Campaign correlation

IOC Management

Indicators & watchlists

Vulnerabilities

CVE tracking & mapping

Detection Rules

Sigma, YARA, Snort gen

Research

Knowledge base & notes

News & Blog

Threat news aggregation

ChainTrace

Vendor & supply chain risk

Team & Org

RBAC & team management

06 · Compliance

Threat intelligence isn't optional anymore.

Multiple regulatory frameworks now require or strongly recommend formal threat intelligence programs. Aperture helps you operationalize those requirements.

ISO 27001:2022

Control 5.7 mandates threat intelligence

NIST CSF 2.0

ID.RA, DE.AE, RS.AN require threat intel

NIST 800-53

RA-3, PM-16, SI-5 threat awareness controls

PCI DSS v4.0

Req 6.3, 11.3 informed by threat intel

DORA (EU)

Requires CTI and threat-led testing

NIS2 (EU)

Art. 21 mandates cyber threat analysis

SOC 2 Type II

CC3.2, CC7.1 risk and monitoring criteria

CIS Controls v8

Controls 7 and 13 recommend CTI

Aperture supports compliance through automated threat feed processing, structured STIX/TAXII sharing, PIR-based prioritization, investigation tracking, detection rule generation, and audit-ready reporting.

07 · FAQ

Frequently asked questions

What is Aperture?
DarkStar Aperture is a threat intelligence platform that automates collection, enrichment, correlation, and prioritization of cyber threat data. It transforms raw threat data into prioritized, actionable intelligence automatically.
Who is Aperture built for?
CTI analysts, SOC teams, MSSPs, and security leaders who need actionable intelligence, not raw feeds.
What does Aperture automate?
IOC enrichment, STIX and TAXII workflows, threat actor attribution, Priority Intelligence Requirement (PIR) based prioritization, and proactive threat hunting across the web.
What tools does Aperture include?
BaitBox (phishing URL detonation), narfAI (research partner), Proactive Threat Hunt (automated web search), ChainTrace (supply chain risk assessment), Skills and Loadouts, PIR and Intel prioritization, Investigations, Detection Rules, OSINT research, and REST API.
What is narfAI?
narfAI is the research partner built into Aperture. It reasons over your threat repository, correlates TTPs, and answers questions with full citations.
What is Proactive Threat Hunt?
An automated search worker that runs on a configurable schedule, generating queries from your PIRs and watchlists to discover emerging threats beyond your RSS feeds. It deduplicates against existing intel and ingests new findings directly into your processing pipeline.
What is BaitBox?
A sandboxed URL detonation tool. Submit a suspicious URL and get a full forensic breakdown: screenshots, redirect chains, SSL inspection, HTTP headers, OSINT enrichment, and an AI-powered phishing analysis with a confidence-scored verdict.
What is ChainTrace?
ChainTrace is a supply chain risk assessment tool that uses AI-powered deep research to evaluate third-party vendors, products, and software components. It provides NIST-based risk scoring, historical trend analysis, and automatically correlates findings with threat intelligence from your Aperture repository.

Get the intelligence that matters.

Access the platform and start transforming threat intelligence into actionable insights.

A DarkStar Research product