
Threat Intelligence

A threat intelligence platform that aggregates indicators of compromise from multiple sources, enriches them with contextual data, analyzes threat severity and campaign attribution, and distributes actionable intelligence to security infrastructure. The collector ingests raw feeds, the enricher correlates and contextualizes IOCs, the analyzer scores threats and maps to frameworks, and the distributor pushes formatted intelligence to downstream consumers.
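The four stages above map onto a simple data contract: the collector normalizes raw feed lines into typed indicators, the enricher attaches context and a confidence score, the analyzer turns that into a severity verdict with a framework mapping, and the distributor filters and serializes what downstream consumers should receive. The sketch below is an added, single-process illustration of that contract; it is not code from the pilot project or any of its skills. The feed lines, the enrichment table, the scoring thresholds and the ATT&CK technique mapping are all constructed for the example.

```python
"""Toy collect -> enrich -> analyze -> distribute pipeline for IOCs.
Added illustration, not pilot project code: the feed lines, context table,
scoring thresholds and ATT&CK mapping are all constructed for this example."""
import ipaddress
import json
import re

# Constructed raw feed: mixed indicator types, defanged values, a duplicate,
# and an RFC 1918 address that a public-feed collector should drop.
RAW_FEED = """\
# source: honeypot-01
203.0.113.45
hxxp://malicious[.]example/payload.bin
203.0.113.45
# source: osint-list
203[.]0[.]113[.]45
malicious[.]example
0123456789abcdef0123456789abcdef
10.0.0.7
"""
HASH_RE = re.compile(r"^(?:[0-9a-f]{32}|[0-9a-f]{40}|[0-9a-f]{64})$")
DOMAIN_RE = re.compile(r"^(?=.{1,253}$)(?:[a-z0-9-]{1,63}\.)+[a-z]{2,}$")
INTERNAL = [ipaddress.ip_network(n) for n in  # RFC 1918 + loopback: feed noise
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

def refang(value: str) -> str:
    """Undo common defanging so equal indicators compare equal."""
    return value.strip().lower().replace("[.]", ".").replace("hxxp", "http")

def classify(value: str):
    """Return the IOC type, or None for lines the pipeline should not carry."""
    if HASH_RE.match(value):
        return "hash"
    try:
        ip = ipaddress.ip_address(value)
        return None if any(ip in net for net in INTERNAL) else "ip"
    except ValueError:
        pass
    if value.startswith(("http://", "https://")):
        return "url"
    return "domain" if DOMAIN_RE.match(value) else None

def collect(feed: str) -> list:
    """Collector stage: normalize, type, dedupe, and record every source."""
    seen, source = {}, "unknown"
    for line in feed.splitlines():
        if line.startswith("# source:"):
            source = line.split(":", 1)[1].strip()
            continue
        value = refang(line)
        kind = classify(value)
        if kind is None:  # blank, internal, or unrecognized line
            continue
        ioc = seen.setdefault(value, {"type": kind, "value": value, "sources": []})
        if source not in ioc["sources"]:
            ioc["sources"].append(source)
    return list(seen.values())

# Constructed enrichment table standing in for ASN / passive-DNS / sighting lookups.
CONTEXT = {
    "203.0.113.45": {"asn": "AS64496", "campaign": "ExampleLoader", "sightings": 17},
    "malicious.example": {"campaign": "ExampleLoader", "sightings": 9},
}

def enrich(iocs: list) -> list:
    """Enricher stage: attach context and a 0-100 confidence score."""
    for ioc in iocs:
        ctx = ioc["context"] = CONTEXT.get(ioc["value"], {})
        # Baseline 30, +20 per corroborating source, +4 per prior sighting (max 10).
        score = 30 + 20 * (len(ioc["sources"]) - 1) + 4 * min(ctx.get("sightings", 0), 10)
        ioc["confidence"] = min(score, 100)
    return iocs

SEVERITY_RANK = {"low": 0, "medium": 1, "high": 2, "critical": 3}
# Illustrative mapping from indicator type to an ATT&CK technique ID.
TECHNIQUE = {"ip": "T1071", "domain": "T1071.001", "url": "T1071.001", "hash": "T1204.002"}

def analyze(iocs: list) -> list:
    """Analyzer stage: severity from confidence plus attribution, framework mapping."""
    verdicts = []
    for ioc in iocs:
        campaign, conf = ioc["context"].get("campaign"), ioc["confidence"]
        if conf >= 80 and campaign:
            severity = "critical"
        elif conf >= 60:
            severity = "high"
        elif conf >= 40:
            severity = "medium"
        else:
            severity = "low"
        verdicts.append({"type": ioc["type"], "value": ioc["value"], "sources": ioc["sources"],
                         "confidence": conf, "severity": severity, "campaign": campaign,
                         "attack_technique": TECHNIQUE[ioc["type"]]})
    return verdicts

def distribute(verdicts: list, min_severity: str = "medium") -> list:
    """Distributor stage: drop low-value verdicts, emit JSON lines, worst first."""
    floor = SEVERITY_RANK[min_severity]
    chosen = [v for v in verdicts if SEVERITY_RANK[v["severity"]] >= floor]
    chosen.sort(key=lambda v: SEVERITY_RANK[v["severity"]], reverse=True)
    return [json.dumps(v, sort_keys=True) for v in chosen]

def run_pipeline(feed: str = RAW_FEED) -> list:
    """Run the four stages in order; returns the published JSON lines."""
    return distribute(analyze(enrich(collect(feed))))
```

Run on the constructed feed, the collector keeps four indicators (the duplicate and defanged copies of 203.0.113.45 collapse into one entry carrying both sources, and 10.0.0.7 is dropped), the enricher scores the corroborated, heavily sighted IP highest, and the distributor publishes only the critical IP and the high-severity domain. Two points carry over to a real deployment: refanging and deduplication must happen before enrichment or the same indicator is enriched and scored several times, and the distributor's severity floor is the control that keeps low-confidence noise from reaching blocking infrastructure.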

Agents: 4
Skills: 12
Difficulty: advanced
Install
clawhub install pilot-threat-intelligence-setup
Agents
<your-prefix>-collector (Intel Collector)
  Aggregates threat feeds from OSINT, honeypots, CVE databases
  Skills: pilot-stream-data, pilot-cron, pilot-archive
<your-prefix>-enricher (Threat Enricher)
  Input: raw IOCs to enrich
  Skills: pilot-dataset, pilot-task-router, pilot-event-filter
<your-prefix>-analyzer (Threat Analyzer)
  Input: enriched IOCs to analyze
  Skills: pilot-metrics, pilot-consensus, pilot-alert
<your-prefix>-distributor (Intel Distributor)
  Input: threat verdicts to distribute
  Skills: pilot-webhook-bridge, pilot-announce, pilot-audit-log
Data flows
<your-prefix>-collector -> <your-prefix>-enricher (port 1002): raw IOCs normalized from threat feeds
<your-prefix>-enricher -> <your-prefix>-analyzer (port 1002): enriched IOCs with context and confidence scores
<your-prefix>-analyzer -> <your-prefix>-distributor (port 1002): threat verdicts with severity and campaign data
<your-prefix>-distributor -> external (port 443): published threat feeds to security infrastructure
Quick start
# Replace <your-prefix> with a unique name for your deployment (e.g. acme)
# On intel collection node
clawhub install pilot-stream-data pilot-cron pilot-archive
pilotctl set-hostname <your-prefix>-collector

# On enrichment node
clawhub install pilot-dataset pilot-task-router pilot-event-filter
pilotctl set-hostname <your-prefix>-enricher

# On analysis node
clawhub install pilot-metrics pilot-consensus pilot-alert
pilotctl set-hostname <your-prefix>-analyzer

# On distribution node
clawhub install pilot-webhook-bridge pilot-announce pilot-audit-log
pilotctl set-hostname <your-prefix>-distributor

# Pair each adjacent node in both directions; run the matching command on each side.
# collector <-> enricher (raw IOCs)
# On collector:
pilotctl handshake <your-prefix>-enricher "setup: threat-intelligence"
# On enricher:
pilotctl handshake <your-prefix>-collector "setup: threat-intelligence"

# enricher <-> analyzer (enriched IOCs)
# On enricher:
pilotctl handshake <your-prefix>-analyzer "setup: threat-intelligence"
# On analyzer:
pilotctl handshake <your-prefix>-enricher "setup: threat-intelligence"

# analyzer <-> distributor (threat verdicts)
# On analyzer:
pilotctl handshake <your-prefix>-distributor "setup: threat-intelligence"
# On distributor:
pilotctl handshake <your-prefix>-analyzer "setup: threat-intelligence"

pilotctl trust
