Team Cymru & Filigran integrate Pure Signal with OpenCTI

Team Cymru has agreed a strategic partnership with Filigran that integrates Team Cymru's Pure Signal intelligence and Scout search tools into the OpenCTI threat intelligence platform.

The companies said the integration places Team Cymru data and workflows inside OpenCTI. They said security teams can enrich alerts and investigations without switching between products.

Product Integration

OpenCTI is an open-source platform used for managing and sharing threat intelligence. Filigran develops and maintains the project. Team Cymru sells internet intelligence services and provides community services for incident response teams.

The integration adds new enrichment options for investigations inside OpenCTI. The companies said analysts can pull global context on demand during triage. They cited examples such as identifying whether an IP address relates to a controller, a VPN endpoint, a proxy service, or activity linked to a broader campaign.

The companies also described automated hunting workflows inside OpenCTI. They said teams can run playbooks that search for emerging malicious infrastructure and activity. The statement referenced ransomware and DPRK-aligned activity as examples.

Data Sources

Team Cymru said the integration draws on its view of internet infrastructure and traffic. It referenced NetFlow-derived insights, infrastructure classifications, and traffic patterns.

The companies said users can fuse internal incident data with this external context. They said this offers a broader picture of threats and the entities behind them.

They also highlighted indicator management features. The companies said the integration generates indicators from Scout search results. They said it converts results into STIX indicators inside OpenCTI.

This approach gives OpenCTI users a new way to create and share indicators across the platform's ecosystem. It also changes how analysts move from a search query to monitoring and alerting, according to the companies.

Market Context

Cybersecurity teams increasingly use platforms that centralise threat intelligence, case management, and automation. Open-source tooling has gained a larger role in that stack, particularly for organisations that want to tailor workflows and integrations.

Filigran said OpenCTI is used by more than 6,000 public and private organisations worldwide. The company said it raised €50 million in a Series C round, which brought total funding to €100 million since its founding in 2022.

Team Cymru said it works with organisations that face elevated targeting. It also cited no-cost community services that provide threat detection, DDoS mitigation, and intelligence to more than 177 CSIRTs across more than 85 countries.

Company Comments

"Team Cymru's mission is to empower the world's defenders with the most comprehensive visibility into malicious activity," said Will Baxter, Senior Security Researcher, Team Cymru. "Integrating Pure Signal with OpenCTI gives security teams an unmatched analytic advantage by enriching investigations with high-quality, globally-sourced intelligence from day zero."

Filigran positioned the partnership as part of its approach to open-source development and community use of intelligence platforms.

"The strength of the threat-intelligence community comes from openness and collaboration. Integrating Team Cymru's Pure Signal with OpenCTI empowers defenders everywhere with richer context and faster analytic workflows, all while preserving the transparency and extensibility of our platform. We are proud to partner with an organization committed to elevating the global security ecosystem," said Samuel Hassine, CEO and Co-Founder, Filigran.

The companies said the integration is available for OpenCTI users now.