The core business of PERUN WORKS is collection, processing, analysis, production and dissemination of cyber threat intelligence.


The first step in our process is achieved by the use of Internet honeypots and users participating in Perun Works Threat Intel Cloud.


This step involves converting the vast amount of information collected into a form usable for analysis.



That is the conversion of raw information into intelligence. This includes integrating, evaluating, and analyzing available data, and preparing our products. The information’s reliability, validity, and relevance is evaluated and weighed in order to produce a quality end product. The information is logically integrated, put in context, and used to produce intelligence.

  1. Raw intelligence (individual pieces of information) is then used to produce Threat Data Feeds.
  2. Raw intelligence put together into a context including conclusions will take a form of Cyber Intelligence Reports and Executive Briefings.
    Based on the outcomes of our observations we will also be able to attribute threat activities to actors.



Raw or finished intelligence is distributed to the consumers based on their needs. This is the actual product created by PERUN WORKS. We are able to deliver information in various industry recognized standards as required by our customers.
For Threat Data Feeds those will be:

  1. Indicators Of Compromise (IOC),
  2. Intrusion Detection/Prevention System rules,
  3. Blacklists.

For Intelligence this will be:

  1. Reports including Attribution information,
  2. Executive Briefings.