The `threat` command runs a local instance of the Panguard Threat Cloud, a threat intelligence server that aggregates indicators of compromise (IoCs), campaign data, and attacker profiles from your Guard agents and Trap honeypots. It provides a REST API and a real-time dashboard for threat analysis.
Usage
Subcommands
| Subcommand | Description |
|---|---|
| start | Start the Threat Cloud server |
| stats | Show threat intelligence statistics without starting the server |
Options
Port for the Threat Cloud API and dashboard.
Host address to bind the server to. Use `0.0.0.0` to listen on all interfaces.
Path to the SQLite database for storing threat intelligence data. Defaults to `~/.panguard/threat/threat.db`.
Examples
Intelligence Sources
The Threat Cloud aggregates data from:

| Source | Data Type |
|---|---|
| Guard agents | Process anomalies, network indicators, file hashes |
| Trap honeypots | Attacker IPs, credentials used, exploit payloads |
| Community feeds | Public IoC feeds, STIX/TAXII sources |
| Manual upload | Custom IoC lists via API |
Related
Threat Cloud Overview
Architecture and design of the Threat Cloud system.
Threat Cloud Deployment
Production deployment guide for Threat Cloud.
Privacy
Data handling and privacy policies for threat data.
panguard trap
Honeypots feed intelligence into Threat Cloud.