Partnership
Threat Intelligence

Filigran and RST Cloud partner on Unified Threat Intelligence

Dec 1, 2025 6 min read

Jan Johansen

SVP of Channel & Alliances

Filigran and RST Cloud Partner to Bring Structured Global Threat Research and Universal Threat Profiles to OpenCTI.
Automated processing of global threat research and universal threat profiles meet OpenCTI’s analytical power, delivering unified, actionable intelligence that cuts through taxonomic complexity and information overload
We’re excited to announce our partnership with RST Cloud, a pioneer in AI-powered cyber threat intelligence (CTI) solutions. This collaboration enhances OpenCTI’s already robust capabilities by adding automated ingestion of global threat research, cross-taxonomy threat mapping, and specialized enrichment services—enabling security teams worldwide to tackle some of the most pressing challenges in modern threat intelligence operations.

TL;DR

  • OpenCTI now integrates RST Cloud’s automated global threat research for real-time, structured intelligence.
  • Universal threat profiles unify naming across taxonomies, reducing fragmentation and analyst confusion.
  • High-quality structured threat intelligence from RST Threat Feed improves detection and threat hunting.
  • RST Cloud’s Noise Control and IoC Lookup enrichment APIs reduce noise and add context for faster investigations.
  • The partnership enables more efficient, intelligence-driven security operations inside the OpenCTI platform.

Solving the Intelligence Gap Together

Security teams face an overwhelming volume of global threat intelligence from government agencies, CERTs, ISACs, security vendors, and independent researchers—each using different naming conventions and taxonomies. Manually processing multilingual reports, extracting actionable insights, and correlating inconsistent threat names is both time-consuming and error-prone.

Organizations also struggle to connect disparate intelligence sources, maintain consistent threat tracking, and convert raw indicators into structured intelligence that supports real security decisions.

OpenCTI and RST Cloud address this problem together.

OpenCTI provides the powerful analytical framework, knowledge graph capabilities, and collaborative environment that security teams need to make sense of complex threat data. RST Cloud adds automated processing of global threat research, cross-taxonomy threat mapping, and intelligent enrichment capabilities. The result is a unified, consistent, and actionable global threat intelligence workflow.

“This partnership exemplifies our commitment to building an open, collaborative ecosystem where specialized solutions enhance OpenCTI’s core capabilities. By integrating RST Cloud’s automated threat research processing and universal threat profiles, we’re giving security teams the tools to cut through the noise and complexity that often hampers effective threat intelligence operations.” Jan Johansen, SVP Global Alliances and Channels

New Intelligence Sources and Capabilities for the OpenCTI Community

Through this partnership, OpenCTI users and community members gain access to several valuable intelligence sources and solutions:

RST Report Hub: Automated Global Threat Research Intelligence

RST Cloud – Report Hub

RST Report Hub transforms how organizations consume threat research. This innovative connector automatically collects and analyzes threat reports, blogs, and articles from global sources—regardless of language—and extracts actionable insights from text, images, and PDFs.

Report Hub Graph

The intelligence flows directly into OpenCTI as standardized STIX 2.1 objects, automatically mapped to RST Cloud’s comprehensive Threat Library. Security teams gain near real-time visibility into emerging threats published by researchers worldwide, without manual overhead. Combined with OpenCTI’s analytical capabilities, teams can immediately correlate this fresh intelligence with their existing knowledge base, pivot across relationships, and generate hypotheses faster than ever before.

RST Threat Library: Universal Threat Profiles Across Taxonomies

Threat library

RST Threat Library addresses the persistent challenge of threat naming chaos that fragments knowledge across organizations. The same malware, campaign, or threat actor might be referenced differently across vendors, government agencies, and research organizations, making correlation difficult and comprehensive tracking nearly impossible.

Malware Description

RST Threat Library provides universal threat profiles that map threat names across different CTI taxonomies, giving OpenCTI users a unified view of campaigns, malware families, intrusion sets, and adversary tools. When combined with OpenCTI’s knowledge graph, this creates powerful capabilities to track threats regardless of which naming convention your intelligence sources use, ensuring you’re always looking at the complete picture.

RST Threat Feed: High-Quality Structured Intelligence

Threat Feed

RST Threat Feed delivers structured, precise, and high-quality CTI directly into OpenCTI to support detection, prevention, and threat hunting operations. This feed complements OpenCTI’s existing intelligence sources with carefully curated indicators designed to maximize signal and minimize noise, perfectly aligned with OpenCTI’s philosophy of quality over quantity.

RST Enrichment APIs: Context and Noise Reduction

For deeper analysis within OpenCTI, RST Cloud’s enrichment APIs add critical context to investigations and dramatically improve efficiency:

  • RST Noise Control is particularly popular among OpenCTI users, identifying indicators that generate more noise than signal and allowing teams to focus on genuine threats. This directly enhances OpenCTI’s threat assessment workflows.
  • RST IoC Lookup provides comprehensive context for indicators, accelerating alert triage and investigation within OpenCTI’s case management capabilities.
  • RST Whois API delivers enriched domain and IP intelligence that flows naturally into OpenCTI’s infrastructure analysis workflows.
Noise Control

These enrichment capabilities integrate seamlessly with OpenCTI’s existing enrichment connectors, and teams often combine Noise Control with IoC Lookup to experience the full impact on workflow efficiency.

The Combined Value: Intelligence-Driven Security Operations

By combining OpenCTI with RST Cloud, security teams unlock powerful outcomes:

  • Faster investigation and hypothesis building through automation and unified threat profiles
  • Accelerated incident response with automatic correlation of indicators to global threat research
  • Improved detection engineering fueled by structured, low-noise intelligence
  • Clearer compliance reporting thanks to standardized taxonomies and traceable intelligence
  • More effective threat hunting using enriched context and cross-taxonomy mappings
  • Reduced analyst fatigue through automation and noise elimination

This partnership reflects our commitment to building an open, collaborative ecosystem around OpenCTI, one where best-of-breed solutions come together to deliver exceptional value to security teams of all sizes.

“Together, we deliver a powerful platform enriched with high-quality threat intelligence from diverse global sources—all normalized and unified, so organizations can effectively leverage this knowledge regardless of data formats or taxonomies used by different security vendors.” Yury Sergeev, Director at RST Cloud

Get Started Today

RST Cloud’s solutions are available now for the entire OpenCTI community. Whether you’re looking to automate threat research processing with Report Hub, standardize your threat tracking with Threat Library, or reduce alert fatigue with Noise Control, the integration is designed for seamless deployment.

Organizations interested in experiencing the full capabilities typically begin with a proof-of-concept that combines RST Report Hub or RST Threat Library with RST Noise Control and IoC Lookup enrichment—a powerful combination that quickly demonstrates tangible improvements in analyst efficiency and intelligence quality.

Take Action

  • Learn more about RST Cloud and their full suite of solutions at rstcloud.com
  • Access the RST Cloud connectors in the OpenCTI ecosystem at OpenCTI Connectors
  • Explore integration documentation and setup guides at RST Cloud Documentation
  • Contact RST Cloud to discuss proof-of-concept opportunities tailored to your organization’s needs

Join the conversation in our Slack community and share your experiences with RST Cloud integration. We’re excited to see how this partnership helps security teams worldwide operate more effectively.

About RST Cloud

RST Cloud is an innovator in cyber threat intelligence, leveraging ML, LLM, and automation to enhance threat detection, analysis, and response with robust, relevant CTI expertise. Partnering with organizations globally, RST Cloud delivers actionable intelligence to proactively strengthen security against evolving cyber threats.

Read more

Explore related topics and insights

Stay up to date with everything at Filigran

Sign up for our newsletter and get bi-monthly updates of Filigran major events: product updates, upcoming events, latest content and more.

It appears your browser has strict tracking prevention enabled, which may be blocking HubSpot forms and other features. To ensure full functionality, please turn off tracking prevention and refresh the page or contact us at