v1.0 Behavior-Based Threat Intelligence

The Intelligence Graph
That Never Stops Growing

Mycelium continuously maps threat behaviors and patterns—not ephemeral IOCs. Ask questions, get actionable intelligence with detection rules and attack simulations.

Run Threat Hunt Ask Agent API Docs
0
TTPs Mapped
0
Threat Actors
0
Detection Rules
0
Attack Simulations
SCROLL
PHILOSOPHY

Behaviors Persist.
IOCs Don't.

Traditional threat intel focuses on indicators—IP addresses, hashes, domains. These are ephemeral. Attackers rotate them constantly.

Mycelium focuses on what attackers do, not what they use. TTPs (Tactics, Techniques, and Procedures) are the DNA of an attack—they don't change when an attacker spins up a new C2 server.

Not an IOC platform
Behavior intelligence

Traditional IOC Intel

"Block IP 192.168.1.100" — Useless in 24 hours when the attacker switches infrastructure.

Mycelium Behavior Intel

"APT29 uses T1059.001 (PowerShell)" — Detect with Sigma rule X, simulate with Atomic test Y. Actionable forever.

THE GRAPH

A Living Intelligence Network

Like mycelium connecting a forest underground, our graph connects every piece of threat intelligence into a queryable whole.

INGEST
Threat Articles
RSS Feeds • URLs • Reports
🎯
TTPs
MITRE + Custom
👤
Threat Actors
APT Groups
🦠
Malware
Families & Tools
🔓
CVEs
Vulnerabilities
Sigma Rules
Detection Logic

3,000+ detection rules mapped to TTPs. Get the exact YAML to deploy.

Atomic Red Team
Attack Simulation

1,800+ attack tests mapped to TTPs. Validate your defenses actually work.

Continuously Expanding

RSS feeds analyzed every 6 hours. MITRE synced daily. The graph never stops growing.

Semantic + Structured

Vector search for meaning. Filters for precision. Find "ransomware targeting healthcare in 2024" instantly.

AI-Powered Extraction

LLM analysis extracts entities and creates custom TTPs for novel techniques not yet in MITRE.

THREAT HUNTING

AI-Powered Threat Hunts

Tell us about your organization. Our AI agent analyzes the intelligence graph to prioritize TTPs that matter to you—with reasoning and detection coverage.

Emerging Threat Hunt

POST /api/v1/hunt/emerging

"What happened THIS WEEK that matters to us?"
Time-bound hunting that queries recent threat articles and surfaces urgent TTPs.

Configurable time window (1-90 days)
Analyzes recent threat intelligence articles
Prioritizes by recency + relevance

Proactive Threat Hunt

POST /api/v1/hunt/proactive

"What should we defend against long-term?"
Strategic hunting based on threat actors and malware targeting your profile.

Focus on specific threat actors (APT29, etc.)
Analyzes malware families targeting your stack
Option to filter gaps-only (missing coverage)
threat_hunt_agent
// Your Organization Context
// Hunt agent ready. Configure your context above.

// The agent will:
// 1. Gather intelligence matching your context
// 2. Analyze threat actors, malware, and articles
// 3. Prioritize TTPs with AI reasoning
// 4. Return detection + simulation coverage
POST /api/v1/hunt/emerging Ready
👩‍⚕️
Healthcare SOC Lead
Emerging Hunt

"After the Change Healthcare breach, I need to know what ransomware TTPs are actively targeting healthcare THIS WEEK."

👨‍💼
Financial CISO
Proactive Hunt

"We run Active Directory. Show me what APT29 and FIN7 are doing—prioritize TTPs where we have detection gaps."

🔬
Threat Intel Analyst
Both Modes

"Weekly emerging hunts for my sector + quarterly proactive reviews. The AI reasoning helps me explain priorities to leadership."

ASK AGENT

Ask Anything About Threats

The Mycelium agent uses ReAct reasoning to break down complex questions, query the graph, and synthesize actionable answers.

mycelium_agent_v1
// Example questions:
// Agent ready. Enter your API key and ask a question.

// The agent will:
// 1. Analyze your question
// 2. Query the intelligence graph
// 3. Return actionable intelligence
POST /api/v1/ask Ready
Need an API key? Check the documentation or contact the admin.