Welcome to the GNAT-o-sphere

Open-source threat intelligence tools built around a common integration surface, so your workflows stay portable across the whole ecosystem.

Collect: Telemetry & Sources

External indicators and raw network telemetry enter the ecosystem

Process: GNAT

Ingest, normalize, convert to STIX, and route to addons

SenseGNAT

Behavioral profiling & anomaly detection

SandGNAT

Malware detonation & artifact enrichment

RedGNAT

Adversary emulation & validation

Report: Investigate & Act

Unified investigation graph, reporting, and operator action

Core platform

GNAT

GNAT's Not A TIP

Ingest, normalize, enrich, and investigate threat intelligence across 159 connectors. STIX 2.1 keeps your data model and workflows portable between tools.

Addon

RedGNAT

Continuous automated readiness testing (CART) with explicit safety boundaries, plugged into the GNAT workflow engine.

Addon

SandGNAT

Automated malware sandbox analysis that feeds detonation results directly into GNAT investigations and reports.

Addon

SenseGNAT

Network profiling and behavior analysis that surfaces anomalies and enriches GNAT investigations with traffic-layer context.

Interface

GNAT-gui

Desktop GUI for GNAT analyst workflows. Structured investigations, hypothesis tracking, evidence graphs, rules authoring, and automated reporting — no CLI required.

Ecosystem

GNAT-o-sphere Overview

A deep-dive into the full ecosystem — architecture, canonical workflow, per-product capabilities, and adoption path. Aimed at a mixed audience of analysts, investigators, and engineers.

~17 slides  ·  45–60 min
Interface

GNAT-gui

The desktop GUI for GNAT analyst workflows — investigations, hypothesis testing, evidence graphs, detection rule authoring, and automated reporting.

~11 slides  ·  20–30 min
Core platform

GNAT Core

Ingestion, normalization, STIX 2.1 conversion, and the workflow engine. For analysts and engineers evaluating the platform.

~14 slides  ·  30–45 min
Addon

SenseGNAT

Network behavioral profiling and anomaly detection integrated with the GNAT workflow engine.

~10 slides  ·  20–30 min
Addon

SandGNAT

Automated malware sandbox detonation and artifact enrichment feeding directly into GNAT investigations.

~10 slides  ·  20–30 min
Addon

RedGNAT

Continuous automated readiness testing with explicit safety boundaries and GNAT workflow integration.

~11 slides  ·  20–30 min