Threat Map
The Threat Map provides a global visualization of cyber threat activity — showing where attacks originate, which industries and geographies are being targeted, and how active campaigns are evolving across the threat landscape.
Accessing the Threat Map
From the left navigation menu in the console, click Threat Map.
Features
Global Threat Visualization
The interactive map displays real-time threat activity across the globe. Each point of activity on the map represents:
- Active threat actor infrastructure
- Attack origin and target geography pairs
- IOC geolocation data from the ThreatBolt intelligence engine
Use the map to rapidly understand the current threat landscape for your region and industry.
Attack Origin Mapping
Drill down by geography to understand where specific threats are originating. For each source region, the map shows:
- Top active threat actors operating from that region
- Types of attacks originating from that geography (phishing, C2, credential attacks)
- Trending IOCs associated with that region
Campaign Tracking
Track active threat campaigns plotted on the map by origin, target geography, and targeted industry. Each campaign entry includes:
- Campaign name and attributed threat actor
- Active infrastructure (C2 IPs and domains)
- Targeted industries and geographies
- MITRE ATT&CK techniques in use
Filters
Use the map filters to narrow the view:
| Filter | Options |
|---|---|
| Time range | Last 24h, 7 days, 30 days |
| Threat type | Ransomware, Phishing, C2, Data Theft, Espionage |
| Target industry | Filter to threats targeting your sector |
| Target region | Focus on threats relevant to your geography |
| Severity | Critical, High, Medium |
Integration with Other Modules
The Threat Map is connected to the broader platform:
- Click any threat actor to open their profile in the Threat Library
- Click any IOC to enrich it via IOC Lookup
- Active campaigns are reflected in Advisory early warning notices