Maltiverse Threat Observatory

The Maltiverse Threat Observatory is a real-time cyber threat intelligence panel designed to provide high-level situational awareness and actionable context regarding global cyber attacks. Thanks to the convergence of Lumu's extensive detection telemetry and Maltiverse’s threat intelligence capabilities, the Threat Observatory ingests anonymized feedback from over 1,800 clients and 2.1 billion detected contacts, enriching Indicators of Compromise (IoCs) with critical real-world context.

This capability allows security teams to instantly validate if a threat is actively affecting their specific industry or region, enabling a shift from reactive monitoring to proactive, sector-specific risk mitigation.

Features and Functionality

Designed to support workflows ranging from executive reporting to technical threat hunting, the Threat Observatory offers a comprehensive panel of interconnected tools. These components work in unison to provide visibility into active threats, alignment with standards like MITRE ATT&CK, and easy-to-use interfaces for generating quick insights.

The following sections detail the core capabilities of the Threat Observatory.

Precise Threat Filtering

To ensure intelligence is actionable, the Threat Observatory utilizes a sophisticated filtering engine that segments global threat data into highly relevant subsets. By applying precise criteria, analysts can instantly narrow the scope of investigation from billions of detections to only those threats affecting specific sectors, regions, or timeframes, ensuring that every alert displayed is pertinent to the organization's unique risk profile.

Scope definition

The filters use AND logic, creating precise intersections of data. This ensures high relevance; for example, an analyst can drill down to isolate only Malicious threats that are specifically targeting Financial Services within the United States, eliminating noise from unrelated sectors or regions.

Users can filter by:

  • Time: This dropdown selects the temporal range for threats and IoCs displayed in the panel. The time intervals are:
    • Last 60 min
    • Today
    • Last 7 days
    • Last 30 days
    • Last 365 days
  • Classification: This filter categorizes threats based on their classification:
    • Malicious
    • Suspicious
    • Neutral
    • Whitelist
  • Regions: This filter narrows threats by associated geographic locations. Users can select the specific countries they want to focus on.
  • Industries: Segments data by targeted sector, allowing specific risk assessments for verticals like Energy, Healthcare, or Government. You can filter by the following industries:
Category                             Description
Government / Public Sector           Government agencies, law enforcement, public services.
Financial Services                   Banking, fintech, insurance.
Healthcare and Pharmaceutical        Hospitals, providers, biotech, pharmaceuticals.
Energy and Utilities                 Electricity, oil, gas, water, nuclear.
Manufacturing                        Industrial, automotive, aerospace, chemicals, consumer goods.
Technology and Telecommunications    IT, software, hardware, cloud, telephony, internet.
Transportation and Logistics         Air, maritime, land transport, shipping, logistics.
Retail and Hospitality               Retail (e-commerce/physical), hotels, tourism, restaurants.
Media and Entertainment              News, broadcasting, film, gaming, sports.
Professional Services                Consulting, legal, auditing, B2B outsourcing.
Defense and Aerospace                Military contractors, defense industry, aerospace manufacturers.
Education and Nonprofits             Universities, research, NGOs, foundations.

Workflow Integration

The Open Query with filters capability lets users move quickly from monitoring to investigation: it instantly transforms the applied filters into a query for the Maltiverse Search Engine.

This allows analysts to pivot from a high-level overview to a deep-dive investigation without manual setup. The resulting queries can be used to create custom Threat Intelligence Feeds specific to an organization's profile.

Note: Refer to Create Custom Threat Intelligence Feeds for more information.

Real-Time Visualization and Analytics

The Threat Observatory includes interactive visual interfaces designed to benchmark an organization's security posture against global and regional trends.

Live Cyber Threat Map

This interactive map visualizes attack flows from the previous 60 minutes, highlighting hotspots and tracing attack paths to identify geographic patterns or campaigns in real time.

Info: You can click any country on the map to apply it as a Region filter.

Attack Insights Panel

While the map provides a visual overview, the Attack Insights Panel offers a granular, listed view of active threats. Enriched by Lumu's feedback, these entries represent verified detections rather than theoretical risks, providing high-confidence intelligence. This structured data is ideal for operational alerts and executive reporting, allowing teams to communicate specific emerging risks clearly.

Top Regions and Industries Analytics

This feature ranks sources, targets, and industries by detection frequency. Security analysts can use this data to identify whether their organization's sector is experiencing a surge in targeted activity compared to the global baseline, aiding in strategic resource allocation.

Distribution by Aggregation List

This table breaks down threats by specific types and families for granular technical analysis. It ranks threats by occurrence, enabling teams to prioritize mitigation efforts against the most prevalent vectors. You can filter the dataset by five distinct criteria—Blacklist Description, Mitre Software, Mitre Groups, Region, or Industry—to answer specific intelligence questions.

For example, grouping by Blacklist Description (e.g., "Phishing Artifact," "Trojan.generic") or Mitre Software allows security teams to focus their detection efforts on the most prevalent attack vectors.
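As an added illustration (not Maltiverse's own code or API), the Python below models the AND-intersection filtering described under Scope definition and the occurrence ranking of the Distribution by Aggregation List over a constructed set of detections; the record fields, the fixed clock and the sample values are assumptions.

```python
from collections import Counter
from datetime import datetime, timedelta, timezone

# Fixed "now" so the time windows are reproducible (constructed, not live data).
NOW = datetime(2024, 1, 15, 12, 0, tzinfo=timezone.utc)

def det(ioc, classification, country, industry, blacklist, age):
    """Build one constructed detection record seen `age` before NOW."""
    return {"ioc": ioc, "classification": classification, "country": country,
            "industry": industry, "blacklist": blacklist, "seen": NOW - age}

# Constructed sample detections (documentation-only IP ranges), not Maltiverse data.
DETECTIONS = [
    det("203.0.113.10", "Malicious", "US", "Financial Services", "Phishing Artifact", timedelta(minutes=5)),
    det("198.51.100.7", "Malicious", "US", "Financial Services", "Trojan.generic", timedelta(hours=3)),
    det("192.0.2.44", "Suspicious", "US", "Financial Services", "Phishing Artifact", timedelta(minutes=20)),
    det("198.51.100.9", "Malicious", "DE", "Financial Services", "Phishing Artifact", timedelta(days=2)),
    det("203.0.113.77", "Malicious", "US", "Healthcare and Pharmaceutical", "Trojan.generic", timedelta(minutes=10)),
    det("192.0.2.5", "Malicious", "US", "Financial Services", "Phishing Artifact", timedelta(days=40)),
]

# The Time dropdown's intervals; "Today" is midnight-to-now rather than a fixed span.
WINDOWS = {"Last 60 min": timedelta(minutes=60), "Last 7 days": timedelta(days=7),
           "Last 30 days": timedelta(days=30), "Last 365 days": timedelta(days=365)}

def window_start(window, now=NOW):
    """Lower bound of the selected time interval."""
    if window == "Today":
        return now.replace(hour=0, minute=0, second=0, microsecond=0)
    return now - WINDOWS[window]

def apply_filters(detections, window, classifications=(), regions=(), industries=(), now=NOW):
    """AND-intersection of the selected criteria; an empty selection matches everything."""
    start = window_start(window, now)
    return [d for d in detections
            if start <= d["seen"] <= now
            and (not classifications or d["classification"] in classifications)
            and (not regions or d["country"] in regions)
            and (not industries or d["industry"] in industries)]

def aggregate(detections, key):
    """Rank the filtered set by occurrence of one aggregation field, e.g. 'blacklist'."""
    return Counter(d[key] for d in detections).most_common()

if __name__ == "__main__":
    scoped = apply_filters(DETECTIONS, "Last 60 min", {"Malicious"}, {"US"}, {"Financial Services"})
    print([d["ioc"] for d in scoped])  # ['203.0.113.10']
    print(aggregate(apply_filters(DETECTIONS, "Last 7 days"), "blacklist"))
```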
