Recommended
Submit a CTI link
Drop a threat intelligence report URL below. We'll open a GitHub issue pre-filled with the source so a Keeper can run the CTI pipeline and draft the hunt hypothesis for you.
From Actor coverage page
Target technique: . We'll tag the GitHub issue with this so a Keeper knows what gap you're filling.
or submit directly
Create CTI issue on GitHub
Opens the issue template directly — fill in the fields yourself.
Other paths
Write it yourself
Have a fully-formed hypothesis? Submit it manually using our hunt template, or open a PR directly if you're comfortable with the format.
Manual submission template
Fill out hypothesis, technique, data sources, and PEAK stage in the GitHub issue form.
→
Open a pull request
Fork the repo, add your hunt file, and submit a PR for Keeper review.
→
Contributor guide
Hunt format spec, PEAK stage guide, data source tagging, and review process explained.
→
How the CTI pipeline works
01
You paste a link
Any public CTI source — blog, PDF, advisory, or research paper.
02
We open an issue
A GitHub issue is created with the source pre-filled, routed to the Keepers.
03
Pipeline drafts the hunt
Our CTI pipeline extracts TTPs and drafts a hypothesis in HEARTH format.
04
Keepers review & merge
A Keeper validates the draft, credits you, and merges it to the library.