CTP247 PRE-LAUNCH

Coming soon.

CTP247 is cyber threat protection that never clocks out — autonomous agents watching your attack surface, brand, and the dark web 24/7. Leave your email and we'll let you know when it's live.

One email at launch. No newsletters, no marketing dripfeed.

Threat Hunter Agent

The hunt that runs even when nobody planned one.

Picks an active actor cluster, cross-checks their TTPs against your real surface.

Most hunts skip because nobody has time to plan one. CTP247's hunter runs anyway. Weekly, it picks an active threat-actor cluster, pulls their MITRE TTPs, looks for evidence those TTPs are visible in your environment — recent alerts, open exposures, IOC overlap — and surfaces 1–4 hunt findings. If you're clean against this actor, that's a valid outcome too.

Focus actor

APT28
Fancy Bear / Forest Blizzard
GRU Unit 26165
Risk: 95

Known TTPs

T1550.001, T1078, T1190, T1566, T1059.001, T1505.003

Org overlap

  • T1550.001: OAuth token replay seen on DC-VPN
  • T1190: Exposed Confluence (CVE-2025-1117)

Hunt findings

  • Replayed token use against DC-VPN-099 (T1550.001)
  • Confluence exposure aligned with APT28 entry vector (T1190)

Inputs

  • Active actor inventory (MITRE + your enrichment)
  • Your alerts, exposures, IOCs, and asset graph
  • Optional hypothesis template (analyst-authored)

Outputs

  • Focus actor + confidence + summary
  • 1–4 hunt findings with MITRE technique mapping
  • Full reasoning trace per iteration
  • Linked exposures, alerts, IOCs as supporting evidence

Runtime

  • Cadence: weekly + ad-hoc
  • Iterations: ≤ 6
  • Cost ceiling: per-run cap
  • Drain interval: 30s queue tick
  • Orphan reaper: 30min stuck-state sweep
  • 6: Max LLM iterations per hunt
  • 30s: Worker drain tick — ad-hoc 'Run hunt now' is near-instant
  • 1–4: Findings shape — concise enough to act on, deep enough to defend