Skip to main content
The Threat Intel integration brings external security intelligence into Clarion for AI-powered triage. It is a built-in, auto-connected integration — there is no third-party account to link. Pick the monitor that matches how your intelligence is delivered; you can add both.

Choose a monitor

Threat Intel webhook

Receive structured vulnerability advisories and supply chain threat payloads from a scanner or threat-intel service via a signed inbound webhook. Real time.

RSS Feed

Subscribe to a published RSS or Atom feed — vendor security blogs, CERT/CSIRT bulletins, advisory feeds. Clarion crawls it and alerts on each new item.

Which one do I need?

Threat Intel webhookRSS Feed
DirectionYour sender pushes to ClarionClarion pulls from a URL
InputSigned JSON (vulnerability / threat)RSS 0.9/1.0/2.0 or Atom feed
LatencyReal timeCrawled every 6 hours (or on demand)
Best forScanners, vuln / supply-chain servicesSecurity blogs, CERT bulletins, advisory & release feeds
Threat Intel is auto-connected, so it already appears on the Integrations page — you only need to add the monitor you want. Both monitor types are managed from the same Threat Intel integration.
Clarion ships a built-in Threat Intelligence agent that triages advisories and feed items, correlating them to your environment. Assign it to either monitor (or both) to automate the first pass.