The Edgewatch Cyber Threat Intelligence (CTI) API delivers real-time, structured, and enriched threat data directly from our global honeypot sensor network. It empowers security professionals with access to high-fidelity attacker data, malware hashes, and contextual threat intelligence enriched with MITRE ATT&CK and shared using STIX/TAXII standards. Each event represents a real attack observed on our honeypots.

Download free, ready-to-use threat intelligence feeds. For REST API usage details and endpoint specifications, visit the API Docs or consult our Knowledge Base. STIX 2.1 feeds are also available via our TAXII 2.1 server.

Top Attack Vectors

Trending Exploits

Anomaly-detected threats with unusual activity spikes (7-day baseline)

Global Attack Origins

Geographic distribution of attack sources detected over the last 7 days

Threat Categories

Live Threat Trends Last 10 days

Real-time threat intelligence from our global sensor network (last 10 days)

---

This service is subject to our Terms of Use and Privacy Policy.