The problem with threat intelligence has never been the amount of data. With 9 collectors aggregating from NVD, GHSA, CISA KEV, Vulners, Abuse.ch, OTX, and RSS feeds, Valta tracks over 19,000 threats. The real problem has always been: which of those 19,000 threats are relevant to YOU, right NOW?
Traditional CTI feeds bombard you with everything. Every CVE, every advisory, every IOC. A SOC analyst receiving hundreds of alerts per day does not have time to manually assess the relevance of each one. So I built Valta's relevance scoring engine - a system that uses GPT-4.1 to evaluate each threat in the specific context of the organization.
How relevance scoring works
The engine is not a simple "ask the AI if it's important." Every threat goes through a structured pipeline: first normalization (different formats from different sources), then enrichment (correlation with MISP data, CVSS lookup, CISA KEV check), and finally scoring. The scoring prompt includes the client's technology profile, industry sector, known attack surface. The result is a contextual relevance score, not a generic one.
Valta's architecture - 17 Docker containers on FastAPI, React, PostgreSQL, Elasticsearch, Redis, and Celery - was designed for scalability. Collectors run as asynchronous Celery tasks, scoring happens in batches to optimize API costs, and Elasticsearch enables sub-second full-text searches across the entire intelligence corpus.
The part I am most proud of is the analyst gamification. Quizzes on real threats, badges for competencies, personalized learning paths. Because threat intelligence is not just about generating alerts - it is about growing the people who read those alerts.
If you want to dive deeper into this topic or need specialized consulting, let us talk.
Let's talk →