Get MILBERT.ai FREE for 90 daysActivate Now

    Zero-Hour Threat Intelligence Feed

    Ptolemy:TEMPEST — curated, time-sensitive feed of active malicious threats.

    Add Zero-Hour Protection

    The Problem

    • Billions of threat intel messages generated daily
    • Most feeds are noisy, full of false positives
    • Old threats stay on blocklists forever

    The Solution

    • Curated feed of ACTIVE threats only
    • Updated hourly
    • Bad actors REMOVED when no longer active

    How It Works

    1

    SOC hunters discover active threats

    2

    1MC-Labs monitors dark web

    3

    Ptolemy processes 270M+ events/hour

    4

    TEMPEST delivers curated list

    5

    Your edge device pulls updates hourly

    Supported Devices

    Cisco (requires FirePower)
    SonicWall (v6.5+, CFS v4.0 license)
    Palo Alto

    Also available: Direct feed to firewalls, TAXII feeds, searchable database access.

    Frequently Asked Questions

    What is Ptolemy:TEMPEST?

    Ptolemy:TEMPEST is a curated, time-sensitive threat intelligence feed that delivers only active malicious threats. Updated hourly, stale indicators are automatically removed when threats are no longer active.

    What devices does TEMPEST support?

    TEMPEST supports Cisco (with FirePower), SonicWall (v6.5+ with CFS v4.0 license), and Palo Alto firewalls. Also available as direct feed and TAXII feeds.

    How is TEMPEST different from other threat feeds?

    Most threat feeds are noisy and never remove old indicators. TEMPEST is curated from 270M+ events processed hourly by Ptolemy, delivers only active threats, and automatically removes entries when they are no longer active.

    How often is the feed updated?

    TEMPEST is updated hourly. Your edge device pulls the latest curated list on a regular schedule.

    Get Zero-Hour Protection

    Stop threats before they reach your network with real-time, curated threat intelligence.

    Add TEMPEST