Introducing Threatnote Version 2.0

December 15, 2025

A major leap forward in unified cyber threat intelligence

Morado is excited to announce the release of Threatnote 2.0, the most significant upgrade to our platform since its creation. Over the last several months, our engineering, design, and product teams have completely reimagined key parts of the system to deliver a faster, smarter, and more unified threat intelligence experience for security teams, MSSPs, and enterprises.

Threatnote 2.0 represents a major evolution in how intelligence is collected, analyzed, and operationalized. With a full migration to STIX 2.1, enhanced AI-powered workflows, and major upgrades across dark web monitoring, digital risk protection, intel operations, and program maturity measurement, this release sets a new standard for modern CTI platforms.

What’s new in Threatnote 2.0

1. Full STIX 2.1 Conversion Across the Platform

Every major object in Threatnote is now represented in STIX 2.1, including several domains that are not traditionally STIX based:

• Threat hunts
• Collection management framework
• Dark web findings
• RFIs
• Stakeholders
• Post-mortems
• Analyst workflows and more

Benefits of full STIX alignment:
• Stronger and more meaningful correlations across all intelligence sources
• Consistent data structures that simplify analysis and reporting
• Better interoperability with customer environments
• A scalable foundation for automation and AI-driven insights

This conversion is one of the most impactful changes we have ever made, unlocking significant improvements in speed, precision, and program visibility.

2. AI Agents Built to Amplify Analyst Efficiency

AI in Threatnote 2.0 is focused entirely on making teams more efficient. The goal is to help analysts move faster, reduce manual processing time, and identify relevant insights sooner so organizations can reduce exposure and risk.

AI Agents assist with:
• Summarizing large data sets and findings
• Correlating intelligence across modules
• Surfacing relevant insights tied to PIRs and stakeholder needs
• Speeding up processing so decisions can be made faster

The result is a faster path from intelligence collection to action while keeping analysts firmly in control.

3. Priority Intelligence Requirements (PIR) Enhancements

PIRs have been core to Threatnote from day one. In 2.0, we expanded their capabilities:

• Fully customizable PIRs and Essential Elements of Information
• AI-assisted identification of relevant intelligence
• Better organization and filtering of data tied to organizational priorities

This update strengthens the alignment between intelligence outputs and stakeholder needs, ensuring CTI teams consistently deliver impact.

4. Alerts: Smarter, More Actionable

Threatnote 2.0 introduces major improvements to the alerting framework:

• AI summarization for clarity and quick decision making
• Smart recommendations for next steps
• A growing library of out-of-the-box alerts
• Cleaner workflows for routing, triage, and collaboration

These improvements help teams stay ahead of emerging threats while reducing workload.

5. Signature Development and Deployment

Threatnote now supports NOVA signatures, giving teams an easier and more powerful way to create, test, and deploy detections that align with their threat models and environments.
In addition to supporting multiple new detection languages, Threatnote can now deploy and manage detection signatures across a growing number of solutions.

6. CTI CMM: Built-In Program Maturity Assessment

Threatnote 2.0 includes a dedicated CTI Capability Maturity Model assessment tool:

• Evaluate your program’s maturity
• Identify strengths, gaps, and opportunities
• Track progress over time
• Align improvements with intelligence workflows

This provides organizations with a structured, repeatable way to measure the impact of their CTI efforts.

7. Analyst Workbench: Visualizing Connected Intelligence

The new Analyst Workbench provides an intuitive visual interface for exploring STIX-connected data. Analysts can:

• Navigate relationships across threat actors, infrastructure, findings, and hunts
• Identify patterns that are difficult to see in linear reports
• Conduct investigations with more clarity and context

8. Dark Web Monitoring Enhancements

Threatnote 2.0 brings deeper and more actionable dark web intelligence, including:

• Expanded visibility into third-party exposure
• Improved classification of leaked or exposed assets
• Faster integration into hunts, PIRs, and reporting

9. Digital Risk Protection Enhancements

Significant updates across brand and VIP monitoring:

• Better analysis of potentially impersonating domains
• Expanded visibility into malicious or suspicious mobile apps
• Social media threat detection improvements
• Streamlined enablement for takedowns and mitigation

A Platform Evolving With You

Threatnote 2.0 reflects months of effort across engineering, design, and product management. It also reflects the feedback and collaboration of our customers and partners who help us push the platform forward every day.

Our mission remains the same:
To unify threat intelligence, reduce noise, and give security teams a clearer path from information to action.

Threatnote 2.0 is a major step in that journey, and we are excited for what it unlocks.

Next Steps

Stay tuned for more, and thank you for being part of the Morado community.