Every threat case psyc is tracking — ingested from URLhaus, CISA KEV, Feodo Tracker, ThreatFox, MalwareBazaar, and AlienVault OTX, then classified by severity and TLP. The live queue of what the platform currently knows about; click any case to follow it through the pipeline.
How to use. Scan the severity and TLP badges to triage; click any case ID to open its full record and Worker Mesh journey. Run psyc fetch-all to pull fresh cases from the feeds.
What you're seeing. Each row is one normalized Case object — ingested by Scoutline from any of six feeds (URLhaus, CISA KEV, Feodo Tracker, ThreatFox, MalwareBazaar, OTX), then rated by Classifyline.
Why it matters. A defender needs one place that answers "what is happening right now" before deciding what to act on — this queue is that place.
No cases yet. Run psyc fetch urlhaus to ingest.
| Case ID | Ingested | Severity | TLP | Type | Summary |
|---|---|---|---|---|---|
| {{ c.case_id }} | {{ c.ingested_at.strftime('%Y-%m-%d %H:%M') }} | {{ c.classification.severity.value if c.classification.severity else '—' }} | {{ c.classification.tlp.value }} | {{ c.classification.incident_type.value if c.classification.incident_type else '—' }} | {{ c.summary }} |