You're tracking a specific threat actor. Or monitoring for vulnerabilities in a particular product. Or watching for any mention of your organization in breach reports.
The problem? You'd have to check your threat feed constantly. Multiple times a day. Every day. Forever.
That's not sustainable. That's barely sane.
What if the threats came to you instead?
The Problem with Manual Monitoring
Let's be honest about how most security teams track specific threats:
- Open the feed every few hours
- Search for your keywords
- Hope you didn't miss anything while you were in meetings
- Repeat indefinitely
It's exhausting. It's error-prone. And when something critical drops at 3 AM, you won't find out until 9 AM. By then, Twitter has moved on and you look like you're behind the curve.
Smart Monitors
{P}eelSec Monitors flip the script. Instead of you searching for threats, threats find you.
How It Works
- Create a monitor with keywords you care about
- Set your notification preferences (email, in-app, or both)
- Let it run in the background
- Get alerted when matching threats appear
That's it. Set once, forget about it, get notified when it matters.
Creating Your First Monitor
Step 1: Define Your Keywords
Navigate to Monitors in the sidebar. Click New Monitor.
Enter your search terms:
| Monitor Type | Example Keywords |
|---|---|
| Product-specific | "Kubernetes", "K8s", "kubectl" |
| Threat actor | "APT29", "Cozy Bear", "Nobelium" |
| Malware family | "LockBit", "BlackCat", "ALPHV" |
| Organization | Your company name, subsidiaries |
| CVE tracking | "CVE-2024-", specific CVE IDs |
You can use multiple keywords. Use quotes for exact phrases. Combine with AND/OR logic.
Step 2: Choose Notification Method
- Email - Get an email when matches are found
- In-app - See notifications in the {P}eelSec sidebar
- Both - Belt and suspenders
For critical monitors, use both. For lower-priority tracking, in-app might be enough.
Step 3: Set Severity Threshold (Optional)
Only want to know about critical threats? Set a minimum severity level:
- Critical - Only the most severe threats
- High - Critical and high severity
- Medium - Most actionable intelligence
- All - Everything that matches
Real-World Monitor Examples
The Product Vulnerability Tracker
Keywords: "Kubernetes" OR "K8s" OR "kubectl"
Severity: High and above
Notifications: Email
Get notified whenever a significant Kubernetes vulnerability is reported. Skip the noise of minor issues.
The Threat Actor Watcher
Keywords: "APT29" OR "Cozy Bear" OR "Midnight Blizzard"
Severity: All
Notifications: Both
Track a specific nation-state actor. Any mention triggers an alert. You want to know everything.
The Brand Monitor
Keywords: "YourCompany" OR "yourcompany.com"
Severity: All
Notifications: Email immediately
Are you mentioned in breach reports? Security news? Threat actor chatter? Find out immediately.
The Ransomware Watch
Keywords: "LockBit" OR "BlackCat" OR "ALPHV" OR "Cl0p"
Severity: High and above
Notifications: Both
Track the major ransomware groups. Know when they're active, who they're targeting, what tactics they're using.
Monitor Dashboard
All your monitors live in one dashboard:
| Monitor | Matches | Last 24h | Status |
|---|---|---|---|
| Kubernetes Vulns | 247 | 3 | Active |
| APT29 Tracking | 89 | 0 | Active |
| Brand Mentions | 12 | 0 | Active |
| Ransomware Watch | 156 | 5 | Active |
See at a glance:
- How many total matches each monitor has found
- Recent activity (last 24 hours)
- Monitor status (active, paused)
Click any monitor to see the matching articles.
Email Digest Options
Getting too many emails? Configure digest mode:
| Option | Behavior |
|---|---|
| Immediate | Email sent for each match |
| Daily Digest | One email per day with all matches |
| Weekly Digest | One email per week |
Start with daily digests. Switch to immediate for critical monitors where speed matters.
Advanced Matching
Boolean Logic
"Kubernetes" AND "RCE"
Only matches articles mentioning both.
"LockBit" OR "BlackCat"
Matches articles mentioning either.
"vulnerability" AND NOT "patched"
Matches articles that mention "vulnerability" but not "patched", to find unpatched vulnerabilities.
Phrase Matching
"remote code execution"
Matches the exact phrase, not just individual words.
Severity Combinations
Keywords: "AWS"
Severity: Critical
Only critical AWS vulnerabilities.
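The matching rules above, worked through in Python as an added example. It is not {P}eelSec's code: operator precedence (NOT, then AND, then OR), case-insensitive matching, the leading word-boundary rule, the severity ranks (including the "low" label), and the names matches, monitor_hits and ARTICLES are assumptions made for illustration.

```python
import re

# Severity ranks are an assumption; the page names Critical, High, Medium and All.
SEVERITY = {"all": 0, "low": 0, "medium": 1, "high": 2, "critical": 3}
TOKEN = re.compile(r'"([^"]+)"|\b(AND|OR|NOT)\b')

def matches(query, text):
    """Evaluate a quoted-term query; precedence NOT > AND > OR is assumed."""
    if TOKEN.sub("", query).strip():
        raise ValueError("every term must be quoted")
    tokens = [("OP", op) if op else ("TERM", term.lower())
              for term, op in TOKEN.findall(query)]
    text, pos = text.lower(), 0
    peek = lambda: tokens[pos] if pos < len(tokens) else (None, None)
    def unary():
        nonlocal pos
        kind, value = peek()
        pos += 1
        if (kind, value) == ("OP", "NOT"):
            return not unary()
        if kind != "TERM":
            raise ValueError("expected a quoted term")
        # Leading boundary only, so "patched" does not hit "unpatched" (assumed rule).
        return re.search(r"(?<!\w)" + re.escape(value), text) is not None
    def chain(operator, operand):
        nonlocal pos
        result = operand()
        while peek() == ("OP", operator):
            pos += 1
            rhs = operand()  # always parse the right side so pos advances
            result = (result and rhs) if operator == "AND" else (result or rhs)
        return result
    result = chain("OR", lambda: chain("AND", unary))
    if pos != len(tokens):
        raise ValueError("unexpected token in query")
    return result

def monitor_hits(query, min_severity, articles):
    """Titles of articles matching the query at or above min_severity."""
    floor = SEVERITY[min_severity]
    return [a["title"] for a in articles if SEVERITY[a["severity"]] >= floor
            and matches(query, a["title"] + " " + a["body"])]

# Constructed sample feed items, not real reports.
ARTICLES = [
    {"title": "Kubernetes RCE in admission webhook", "severity": "critical", "body": "Remote code execution via kubectl proxy; still unpatched."},
    {"title": "K8s dashboard hardening tips", "severity": "low", "body": "Configuration guidance."},
    {"title": "LockBit affiliate activity", "severity": "high", "body": "Vulnerability in VPN appliance was patched last week."},
]
```

With these rules, `"vulnerability" AND NOT "patched"` drops an article that says the flaw was patched but keeps one that says it remains unpatched. A plain substring match would drop both, which is worth checking when you tune an exclusion keyword.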
Team Monitors
For team accounts, monitors can be shared:
- Personal monitors - Only you see notifications
- Team monitors - All team members see notifications
Use team monitors for organizational concerns (brand monitoring, industry threats). Use personal monitors for individual research topics.
The Math
Without monitors:
- Check feed 5x per day
- 10 minutes per check
- 50 minutes daily
- 4+ hours weekly
With monitors:
- Zero manual checking
- Notifications arrive automatically
- Review only matches (~5 minutes)
- 4+ hours weekly recovered
Plus: You never miss critical intel that drops overnight or during meetings.
Best Practices
Start Specific
Begin with narrow monitors. "Kubernetes RCE" rather than just "Kubernetes". Refine based on results.
Use Severity Filters
Not everything needs immediate attention. Reserve email alerts for high-severity matches.
Review and Refine
Check your monitors monthly. Are they catching relevant intel? Too much noise? Adjust keywords accordingly.
Don't Over-Monitor
10 well-tuned monitors beat 50 noisy ones. Quality over quantity.
Try It
- Go to Monitors in the sidebar
- Click New Monitor
- Enter keywords for something you're tracking
- Set notifications to email
- Save
Then wait. When matching intel arrives, you'll know.
Because threat intelligence shouldn't require constant vigilance. Let the monitors watch. You focus on response.