A curated, analyst-approved briefing surface for security leaders. We publish only qualified headlines, original source links, timestamps, categories, severity, and concise Glexia context — never copied article bodies or unlicensed summaries.
The public briefing is deliberately conservative. Items enter a pending queue from licensed feeds and authoritative advisories, then publish only after an analyst adds context and confirms public-display rights.
Every published item includes attribution, the original link, a recency signal, severity, relevance, CVE links when the ID exists in our CVE library, and a short “Why it matters” note written by Glexia.
The queue is working as designed: licensed or sensitive intelligence stays private until a Glexia analyst confirms attribution, relevance, freshness, and public-display rights. Private briefings and client SOC updates continue through contracted channels.
Feed items are normalized into a unified intelligence workflow, profiled for source drift, deduplicated, cross-linked to existing CVE records when present, and held for analyst approval before public display. Use the ATT&CK library to pivot from signals into behavior, telemetry, and mitigations.
Open MITRE ATT&CK ReferenceThe intake model supports licensed intelligence streams, RSS/Atom, JSON, social/news feeds, public vulnerability databases, MISP-style event data, commercial news licensing, and authoritative public vulnerability sources. Public rendering is separately controlled by license status and allowed fields.
Licensed Intelligence Source, Contract-Review CTI Feed, Feedly Threat Intelligence, Recorded Future Intelligence Cloud, Flashpoint Ignite, NewsCatcher, AYLIEN News API feed the analyst queue only after credentials and public-use rights are confirmed.
Public CTI Feed, CISA Known Exploited Vulnerabilities, NIST National Vulnerability Database, FIRST EPSS can provide public vulnerability context when items meet freshness and editorial rules.
Pending items never render publicly. Approval requires source, URL, publication date, category, severity, relevance, and a Glexia analyst note.
Each step narrows a broad intelligence stream into defensible public guidance.
Provider items are deduplicated by canonical URL, title, source, and date, then stored as structured review metadata.
The source registry controls which fields may appear publicly and keeps restricted CTI internal.
A reviewer approves, rejects, categorizes, and annotates the item with concise Glexia context.
Only approved, fresh items render on the public briefing page and the threat-intelligence module.
