Team Cymru, a global leader in internet intelligence, has announced a strategic partnership and new integration with OpenCTI, the widely used open-source threat intelligence platform developed by Filigran. Through this collaboration, Team Cymru is embedding its Pure Signal intelligence and Scout capabilities directly into the OpenCTI platform. As a result, security teams can now access global internet visibility, instant data enrichment, and automated threat-hunting workflows without leaving their primary investigation environment.

This integration significantly enhances how analysts work day to day. Instead of performing time-consuming manual lookups across multiple tools, defenders can now enrich alerts in real time with global intelligence. For example, analysts can instantly determine whether an IP address belongs to a command-and-control server, a VPN exit node, a proxy, or part of a coordinated attack infrastructure. Consequently, triage and investigation processes accelerate, enabling teams to move faster from detection to response.

Moreover, the integration supports a shift from reactive security operations to proactive threat hunting. By leveraging automated playbooks within OpenCTI, teams can continuously monitor for newly emerging malicious infrastructure, including ransomware ecosystems and nation-state–linked activity. This allows defenders to identify and track adversary assets as soon as they appear on the internet—often well before they are used in active campaigns.

Cyber Technology Insights: RSAC Kicks Off Flagship Event on Monday as RSAC 2025 Conference Opens in San Francisco

By combining internal incident telemetry with Team Cymru’s expansive global visibility, organizations gain deeper insight into both threats and the infrastructure that supports them. Team Cymru’s intelligence—derived from NetFlow data, large-scale traffic analysis, and infrastructure classification—adds a crucial external perspective. In addition, the integration enables dynamic indicator creation by transforming complex Scout queries into STIX-compatible indicators. These indicators can then be immediately monitored, alerted on, and shared across the OpenCTI ecosystem, strengthening collaboration and collective defense.

In practical terms, this partnership gives security teams a far wider lens. Instead of viewing only what is happening within their own networks, analysts can observe global patterns of malicious activity and infrastructure development. This expanded situational awareness helps organizations identify threats earlier, understand adversary behavior more clearly, and disrupt campaigns before they reach critical systems.

“Team Cymru’s mission is to empower the world’s defenders with the most comprehensive visibility into malicious activity,” said Will Baxter, Senior Security Researcher at Team Cymru. “Integrating Pure Signal with OpenCTI gives security teams an unmatched analytic advantage by enriching investigations with high-quality, globally-sourced intelligence from day zero.”

Cyber Technology Insights: Cyware Unveils First Pre-Configured Threat Intel Platform

From Filigran’s standpoint, the integration strengthens both the OpenCTI platform and the broader open-source threat intelligence community. By bringing high-fidelity, globally sourced intelligence into an open, extensible framework, the partnership increases the operational value of OpenCTI while preserving the principles of transparency and collaboration.

“The strength of the threat-intelligence community comes from openness and collaboration. Integrating Team Cymru’s Pure Signal with OpenCTI empowers defenders everywhere with richer context and faster analytic workflows, all while preserving the transparency and extensibility of our platform. We are proud to partner with an organization committed to elevating the global security ecosystem,” said Samuel Hassine, CEO and Co-Founder of Filigran.

Ultimately, this collaboration delivers a powerful enhancement for security operations teams. By uniting Team Cymru’s internet-scale intelligence with OpenCTI’s open threat intelligence framework, the integration equips defenders with faster insights, broader context, and the ability to hunt threats proactively—helping organizations stay ahead of adversaries in an increasingly complex digital landscape.

Cyber Technology Insights: Socura Becomes MSSP Partner in Google Cloud Program

To participate in our interviews, please write to our CyberTech Media Room at info@intentamplify.com