Threat Intelligence Platform for SOC & CTI Teams | OPTIX

# OPTIX OPTIX is an automated threat intelligence platform for lean SOC and CTI teams. It ingests open-source intelligence, extracts threat entities and IOCs using a hybrid regex + LLM pipeline, maps them to MITRE ATT&CK, and generates detection rules in 11 SIEM formats including Sigma, KQL, and Splunk SPL. ## Core Capabilities - Automated CTI collection from RSS feeds, OSINT sources, vendor advisories, threat blogs, AlienVault OTX, URLhaus, NVD, Reddit, and Discord. - Multi-stage extraction pipeline: deterministic regex pattern matching for IOCs and CVEs, fuzzy alias resolution for threat actors and malware families, and LLM semantic scoring for contextual entities. - Correlation engine linking threat actors, malware, CVEs, IOCs, TTPs, and MITRE ATT&CK techniques across every ingested document. - Detection rule generation in 11+ SIEM formats: Sigma, Splunk SPL, Microsoft KQL, Elastic EQL/ES|QL, CrowdStrike LogScale, QRadar AQL, Chronicle UDM, SentinelOne S1QL, Palo Alto XQL, Suricata, and YARA. - Intelligence reports with full source attribution, exportable to PDF and Word. - STIX 2.1 / TAXII 2.1 producer and consumer for SOAR and TIP interoperability. - MITRE ATT&CK coverage heatmap and detection gap analysis. - Multi-tenant workspaces with role-based access control, audit logging, and TLP enforcement. ## Who It Is For OPTIX is built for SOC analysts, cyber threat intelligence (CTI) analysts, detection engineers, and incident responders — in particular small security teams and organisations without a dedicated CTI capability who need enterprise-grade coverage without enterprise-grade headcount. It is also used by security leadership tracking ATT&CK coverage and the active threat landscape. ## Pricing OPTIX offers four plans billed in GBP: - **Free** — £0/month, core ingestion and extraction, limited AI credits. - **Individual Analyst** — £24/month, increased AI credits, full detection workbench. - **Team** — £119/month, shared workspaces, API access