ICS threat actor profile lookup. Pass ?name=SANDWORM. Fetches live data from MITRE ATT&CK for ICS (STIX bundle) + CISA ICS advisories, enriched by DeepSeek. Returns: MITRE technique mappings (ICS-specific T-codes), known malware/tools, related groups, recommended OT detections, attribution, physical impact assessment, and last known activity. Works for any known ICS threat actor — not limited to a fixed list. Alias lookup supported (e.g. Volt Typhoon → VOLTZITE, APT44 → SANDWORM).

ICS threat actors by industrial sector. Pass ?sector=energy. Returns all known ICS threat groups targeting that sector from live MITRE ATT&CK for ICS STIX data. Covers energy, water, manufacturing, oil-and-gas, chemical, transportation, nuclear. Ideal for sector-specific OT threat intelligence and ICS risk assessments.

Latest CISA ICS-CERT security advisories filtered by vendor or sector. Pass ?vendor=siemens or ?sector=energy (or both). Pulls live from the CISA ICS advisories RSS feed, parses advisory IDs, CVSS scores, CVE lists, severity, and vendor match. Returns up to 25 results. Use limit= to control count.

OT-contextualised CVE triage for ICS/SCADA environments. Pass ?id=CVE-XXXX-XXXX. Returns OT-adjusted severity (recalculated from NVD CVSS for the affected ICS layer), cyber-physical impact category, patch feasibility without downtime, CISA KEV status, and a prioritised recommended action. Enriched by DeepSeek LLM for ICS-specific context. Every call returns fresh data from NVD, CISA-KEV, and DeepSeek.

SCADA/ICS internet-exposed device lookup for industrial control systems. Pass ?vendor=siemens&model=s7-1200. Returns default credential risk, at-risk OT protocols (Modbus/502, DNP3/20000, S7comm/102), exploitation notes, and hardening action. Covers Siemens, Schneider, Rockwell, Honeywell, GE, Unitronics, Beckhoff.

IOC enrichment with ICS/OT campaign context. Pass ?value=1.2.3.4&type=ip (or type=domain). Queries AlienVault OTX (reputation, pulse count, OT-tagged feeds) + AbuseIPDB (abuse confidence score, ISP, Tor node detection) + DeepSeek CTI analysis for known ICS threat actor association and campaign context. Returns structured verdict on whether the IOC is linked to OT-targeting campaigns. Cheapest endpoint at $0.01.

OT/ICS patch feasibility assessment for a CVE ID. Pass ?id=CVE-XXXX-XXXX. Returns patch availability (from NVD references), vendor advisory URLs, OT-safe workarounds, patch complexity for the affected ICS layer, estimated downtime in minutes, whether safe to patch live, recommended maintenance window, deployment strategy, CISA KEV status, and a risk-vs-disruption score (1–10 with rationale). DeepSeek-enriched.