● Phase 6 In Progress v4.0

CyberPulse

One feed of signal for your security team, not 22 feeds of noise.

The problem

Security teams subscribe to a dozen threat feeds and still miss the ones that matter. Alert fatigue is real; correlation across sources is manual; and the most useful signals are buried in Twitter, Mastodon, and Reddit threads that nobody has time to read.

What it does, and who it is for

CyberPulse pulls from 22+ structured feeds (NVD, CISA KEV, MITRE ATT&CK, vendor advisories, OTX, abuse.ch, Shodan, VirusTotal, and community sources), normalizes them into one schema, scores each item with a hybrid of rules and an ML classifier, and routes alerts to your team by severity and sector.

  • Security operations centers (SOCs)
  • Incident response and threat-intel teams
  • DevSecOps groups tracking exposure
  • MSSPs managing multiple client environments

Proof at a glance

  • 22+ threat feeds aggregated
  • 18 active collectors
  • 53 REST API endpoints
  • Multi-tenant: isolation audited

Capabilities

22 plus structured feeds

Tier 1 (NVD, CISA KEV, MITRE ATT&CK, vendor advisories), Tier 2 (OTX, abuse.ch, Shodan, VirusTotal), Tier 3 (community sources on Reddit, Mastodon, Bluesky).

Hybrid scoring you can tune

CVSS (30%), active exploitation (35%), exploit availability (20%), recency (10%), sector relevance (5%). Reweight per tenant.

XGBoost classifier with rule fallback

Trained on live data with confidence-based fallback to the deterministic rule engine, so you never get a silent failure.
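
The weighted scoring and confidence-based fallback from the two items above, as an added example (not CyberPulse's own code). The weights are the defaults listed on this page; the record fields, the scaling of each factor to 0..1, the 30-day linear recency decay, the 0.7 confidence threshold, and all function names are assumptions.

```python
from dataclasses import dataclass
from datetime import datetime

# Default weights as listed on the page; they sum to 1.0.
DEFAULT_WEIGHTS = {"cvss": 0.30, "exploited": 0.35, "exploit_available": 0.20,
                   "recency": 0.10, "sector": 0.05}

@dataclass
class Item:  # hypothetical normalized feed record
    cvss: float              # CVSS base score, 0.0-10.0
    exploited: bool          # active exploitation reported (e.g. a KEV listing)
    exploit_available: bool  # public exploit code known
    published: datetime
    sectors: frozenset       # sectors the item is tagged with

def normalize_weights(overrides=None):
    """Merge per-tenant overrides into the defaults and rescale to sum to 1."""
    w = {**DEFAULT_WEIGHTS, **(overrides or {})}
    unknown = set(w) - set(DEFAULT_WEIGHTS)
    if unknown or any(v < 0 for v in w.values()) or sum(w.values()) <= 0:
        raise ValueError(f"bad weights: {overrides!r}")
    total = sum(w.values())
    return {k: v / total for k, v in w.items()}

def rule_score(item, tenant_sectors, now, weights=None, window_days=30):
    """Deterministic 0-100 score; factor scaling to [0, 1] is an assumption."""
    w = normalize_weights(weights)
    age_days = max((now - item.published).total_seconds() / 86400, 0.0)
    factors = {
        "cvss": min(max(item.cvss, 0.0), 10.0) / 10.0,
        "exploited": float(item.exploited),
        "exploit_available": float(item.exploit_available),
        "recency": max(0.0, 1.0 - age_days / window_days),  # assumed linear decay
        "sector": float(bool(item.sectors & tenant_sectors)),
    }
    return round(100 * sum(w[k] * factors[k] for k in w), 2)

def hybrid_score(item, tenant_sectors, now, ml_result=None, min_conf=0.7,
                 weights=None):
    """ml_result is (score, confidence) from a classifier, or None if it failed.
    Returns (score, source) so a fallback is always visible to the caller."""
    if ml_result is not None:
        score, conf = ml_result
        if conf >= min_conf and 0.0 <= score <= 100.0:
            return round(score, 2), "ml"
    return rule_score(item, tenant_sectors, now, weights), "rules"
```

Returning the source label alongside the score lets dashboards and alerts show when the rule engine, rather than the classifier, produced a given score.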

Multi-tenant ready

Tenant ID enforced on every query, per-tenant sector profiles, and independently audited isolation. Run one stack across multiple client environments.

Alerting and observability

Webhooks and email out of the box. Ops dashboard, collector-dark watchdog, and a deployment posture you can hand to a client.

Compliance and trust

Aligned with: NIST Cybersecurity Framework, MITRE ATT&CK mapping on feeds where available

  • 14 critical security findings remediated in the audited posture
  • Tenant ID enforced on all queries; cross-tenant access independently scanned
  • API keys hashed at rest; CORS hardened
  • SQL injection protections confirmed on the full schema

How it deploys

CyberPulse ships as a Docker Compose stack with PostgreSQL. Deploy on-prem or in your cloud account. FastAPI service, APScheduler-driven collectors, and an Alembic-managed schema. SSO-ready for enterprise rollouts.

What is coming next

  • Structured logging and automated backups (Phase 6)
  • Expanded community-source coverage
Talk to Ironwright