Threat Actors

// ADVERSARY CATALOGUE

Named Adversaries, Observed

The canonical view of every named adversary observed across the platform. A searchable, filterable grid of actor cards with per-actor detail pages that list indicators, severity distribution, target geography, and time-series activity.

// At a glance
Audience
All authenticated roles
Available from
Available in the operator console

// Screen capture

Threat Actors — from the user guide

The screenshot below is taken from the platform user guide. Sensitive data fields are redacted with solid blocks; the page chrome is cropped for clarity.

Threat Actors — page anatomy from HFL Platform User Guide
// Purpose

Why this page exists

The Threat Actors page is the answer to “what do we know about this name?”. A grid of actor cards, each showing the actor name, primary adversary type, current-cycle IOC count, severity mix, and an activity sparkline, is searchable by full or partial name and filterable by adversary type. The grid is the entry point; the per-actor detail page is the working surface.

Each per-actor detail page lists the indicators attributed to the actor with full tagging, severity, first-seen / last-seen timestamps, and a pivot back to IOC Management for annotation or export. The page also surfaces the actor’s observed target geography distribution, the categories of indicator it has produced, and a time-series chart of its observed volume across rolling weekly windows.

Bookmarking actors that matter to your environment is one of the highest-leverage habits on the platform. The bookmark star appears on every actor card and on every detail page. Bookmarked actors get surfaced in the Overview, in the weekly advisory delivery preferences, and in the per-user homepage.

// Workflows

How operators use this page

01

Investigate a named actor

Search by full or partial name. Pick the matching card. The per-actor detail page loads with indicators, target geography, and time-series. Pivot any indicator row into IOC Management for tagging or annotation.

02

Find your loudest actors

Sort by high-severity count (or its variant, Critical-plus-High). The top of the grid lists actors generating the most high-impact indicators. Bookmark the actors you intend to follow regularly.

03

Cross-reference by adversary type

Set the type filter to a specific adversary type such as C2 or Malware. The grid shows only actors whose primary adversary type matches. Combine with the search bar to find a specific name within that subset.

// Field reference

What the page shows

Actor card (name, type, IOC count, severity mix, activity sparkline), bookmark star, per-actor detail (indicators, target geography, time-series), type filter, sort selector.

// Tips and constraints

Best practices and limits

  • For per-actor analysis combined with the C2 lens, see C2 Operations.
  • For shared-infrastructure analysis across actors, see Knowledge Graph → CIDR Clusters.

// Where to go next

Related platform features

C2 Operations

Continue your workflow in a related feature.

Knowledge Graph → CIDR Clusters

IOC Management
