You find an interesting threat article. You want to know: What IOCs should I look for? What MITRE techniques does this map to? Is this relevant to my organization?
In most tools, you'd need to read the entire article, manually extract indicators, and cross-reference everything yourself. Or wait for an AI to process it while you stare at a loading spinner.
Not anymore.
Pre-Analyzed Intelligence
Here's what makes {P}eelSec different: every article is analyzed during aggregation, not after you click on it.
When new content arrives from our intel sources, our AI pipeline immediately processes it. By the time you see the article in your feed, the analysis is already complete.
Click on any article. The AI Investigation Room opens instantly with:
- Executive Summary - The key takeaways in 2-3 sentences
- Extracted IOCs - IPs, domains, hashes, URLs ready to copy
- MITRE ATT&CK Mapping - Techniques and tactics identified
- Threat Actors - Known groups mentioned
- Malware Families - Identified tools and variants
- Affected Technologies - Products and platforms referenced
No waiting. No prompting. No "generate analysis" buttons.
How It Works
Aggregation Pipeline
Every 30 minutes, we pull new content from 30+ intel sources. Each article enters our analysis pipeline:
- Content extraction - Full article text, not just RSS summaries
- IOC detection - Pattern matching for IPs, domains, hashes, URLs, CVE IDs
- Entity recognition - Threat actors, malware families, products
- MITRE mapping - Techniques extracted and linked to the framework
- Summary generation - Key points distilled
All of this happens in the background. By the time you're reading your morning feed, every article is ready.
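The IOC detection step listed above (pattern matching for IPs, domains, hashes, URLs and CVE IDs), sketched as an added example: this is not {P}eelSec's code, and the patterns, the `refang` and `extract_iocs` names and the sample text are assumptions made for illustration. It goes beyond the list by undoing the defanging (`hxxp`, `[.]`) that threat reports commonly apply and by validating IPv4 candidates so version strings are not reported as addresses.

```python
import ipaddress
import re

# Constructed sample text (not from a real report): reserved .example domain,
# TEST-NET-3 address, placeholder CVE ID and a dummy SHA-256 value.
SAMPLE = (
    "The loader beacons to hxxps://cdn.update-check[.]example/api/v2 and falls "
    "back to 203.0.113[.]45. It exploits CVE-2099-0001; agent build 10.0.300.1 "
    "is affected. Dropper SHA-256: " + "ab" * 32 + "."
)

CVE_RE = re.compile(r"\bCVE-\d{4}-\d{4,}\b", re.I)
URL_RE = re.compile(r"\bhttps?://[^\s\"'<>)]+", re.I)
IPV4_RE = re.compile(r"(?<![\d.])(?:\d{1,3}\.){3}\d{1,3}(?!\d|\.\d)")
HASH_RE = re.compile(r"\b(?:[a-f0-9]{64}|[a-f0-9]{40}|[a-f0-9]{32})\b", re.I)
DOMAIN_RE = re.compile(
    r"\b(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,24}\b", re.I)
HASH_TYPES = {32: "md5", 40: "sha1", 64: "sha256"}


def refang(text):
    """Undo common defanging (hxxp, [.], (.), [dot], [:]) so patterns match."""
    text = re.sub(r"hxxp(s?)", r"http\1", text, flags=re.I)
    text = re.sub(r"\[\.\]|\(\.\)|\[dot\]", ".", text, flags=re.I)
    return text.replace("[:]", ":")


def extract_iocs(text):
    """Return {type: sorted unique indicators} found in an article body."""
    text = refang(text)
    out = {k: set() for k in
           ("cve", "url", "ipv4", "domain", "md5", "sha1", "sha256")}
    out["cve"].update(m.upper() for m in CVE_RE.findall(text))
    out["url"].update(m.rstrip(".,;:") for m in URL_RE.findall(text))
    for m in IPV4_RE.findall(text):
        try:  # the regex over-matches; let ipaddress reject 10.0.300.1 etc.
            out["ipv4"].add(str(ipaddress.IPv4Address(m)))
        except ValueError:
            pass
    for m in HASH_RE.findall(text):
        out[HASH_TYPES[len(m)]].add(m.lower())
    # File names such as report.pdf also match here; production code should
    # check the last label against a TLD or public-suffix list.
    out["domain"].update(m.lower() for m in DOMAIN_RE.findall(text))
    return {k: sorted(v) for k, v in out.items()}


if __name__ == "__main__":
    for kind, values in extract_iocs(SAMPLE).items():
        print(kind, values)
```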
The Investigation Room
When you open an article, you get a split view:
Left panel: Full article content with IOCs highlighted inline. Click any indicator to see validation options.
Right panel: AI analysis dashboard with all extracted intelligence organized and actionable.
IOC Validation
Extracted IOCs aren't just displayed - they're actionable.
Click any IP, domain, or hash to:
- Check VirusTotal - See detection rates and vendor analysis
- Query AbuseIPDB - Check abuse reports and confidence scores
- Search Shodan - View exposed services and geolocation
- Copy to clipboard - Grab indicators for your SIEM or blocklist
One-click validation. No copying indicators into separate tools.
MITRE ATT&CK Integration
Every article gets mapped to the MITRE ATT&CK framework:
| Technique | Tactic | Description |
|---|---|---|
| T1566.001 | Initial Access | Spearphishing Attachment |
| T1059.001 | Execution | PowerShell |
| T1071.001 | Command and Control | Web Protocols |
Click any technique ID to open the full MITRE description. Understand the attack pattern. See defensive recommendations.
This isn't keyword matching. Our AI understands context and maps behaviors to techniques accurately.
Team AI Configuration
For teams, admins can configure a shared OpenAI API key for the entire organization.
Why This Matters
- No onboarding friction - New team members get AI features immediately
- Centralized billing - One key, one bill, complete visibility
- Usage tracking - See who's using what and how much
How to Set It Up
- Go to Team Settings in the sidebar
- Select the AI Config tab
- Enter your OpenAI API key
- Choose your model (GPT-4o-mini recommended)
- Click Save
Your entire team now has AI-powered analysis.
Usage Dashboard
The AI Config tab shows team usage:
- Total cost this billing period
- Number of analyses generated
- Per-member breakdown
- Token consumption details
No more mystery bills. Complete visibility into AI spending.
Model Options
| Model | Best For | Cost |
|---|---|---|
| GPT-4o-mini | Most analyses - fast and accurate | Lower |
| GPT-4o | Complex threats needing deeper analysis | Higher |
Start with GPT-4o-mini. It handles 95% of use cases at a fraction of the cost. Switch to GPT-4o when you need extra depth.
Security
Your API key is sensitive. We treat it that way:
- Encrypted at rest using AES-256-GCM
- Masked in the UI after saving
- Admin-only access - regular members use AI but never see the key
- Audit logged - key changes are tracked
Regular team members see "AI Enabled" and can use analysis features. They never see or access the key itself.
The Bottom Line
Traditional workflow:
- Read article (5 minutes)
- Extract IOCs manually (10 minutes)
- Look up MITRE mappings (5 minutes)
- Validate indicators in separate tools (10 minutes)
- Write up findings (10 minutes)
Total: 40 minutes
{P}eelSec workflow:
- Open article, review pre-analyzed intelligence (2 minutes)
- Click to validate IOCs (1 minute)
- Export findings (30 seconds)
Total: 3.5 minutes
That's 36 minutes saved per article. Multiply by the dozen articles you review daily.
Try It
Open any article in your threat feed. Click into the Investigation Room. See how much faster your analysis can be.
No setup required. Pre-analyzed intelligence is available on every article, every time.
Because threat analysis shouldn't mean staring at loading spinners.