From Discovery to Attribution, RADAR Makes Threat Hunting Seamless
Threat hunting and attribution is an arduous process. Identifying pertinent data alone can be akin to finding a needle in a haystack. And once you actually find the one data point you need? Chances are you’ll have to manually move the data to another tool or screen to carry on the investigation, introducing friction, lost productivity, and possible bottlenecks or dead-ends.
All of this introduces the possibility of user error. Even if everything goes right, any delay during an investigation can be costly, especially if you need answers now.
That’s where RADAR’s pivot feature steps in. With a click of a button, analysts can automatically generate prebuilt queries in Scout or Recon based on selected IPs or CIDR ranges in RADAR for deeper investigations.
Using RADAR for Threat Hunting and Attribution
Using Team Cymru’s PureSignal data, the largest source of context-rich telemetry beyond the network edge, RADAR allows organizations to carry out threat hunting and attribution by connecting discovered infrastructure to live threat telemetry. Analysts can pivot from any RADAR discovery directly into Scout to view recent NetFlow, PassiveDNS, and certificate activity.
Analysts can select any returned single IP address, group of addresses, or CIDR range in RADAR. The selection then serves as the basis for a query looking for malicious communications in Scout. With the pivot feature, the query is automatically generated and launched, bringing immediate results.
Within seconds, you can return a near real-time list of malicious IPs communicating with your discovered infrastructure. The malicious IP data is also enriched with tags, allowing for easy filtering.
Within Scout, analysts can further drill into the results by looking at specific communications data. This can highlight relationships between malicious IPs and known attacker infrastructure, revealing potential command-and-control patterns and shared infrastructure between campaigns.
With just a few clicks, analysts can go from discovery in RADAR to potential attribution in Scout.
How to Access RADAR
Through January 31, 2026, all existing Team Cymru Recon or Scout customers have complimentary RADAR access. For those interested in testing RADAR without current access, visit go.team-cymru.com/puresignal-radar to see what makes RADAR and Team Cymru’s PureSignal™ data so unique.