We built AEGIS to solve a specific problem: MSSPs spending too many hours on manual threat intelligence work that should be automated. Here's what we're building next.
Since launch, AEGIS has been focused on the core workflow: ingest threat data from authoritative sources, map it against each client's security stack, identify gaps, and generate reports. That foundation is solid. Now we're expanding into the areas our early users keep asking about.
Automated Detection Rule Generation
When AEGIS identifies a coverage gap - a MITRE ATT&CK technique that no tool in the client's stack addresses - the natural next question is "now what?" Today, the answer is a recommendation. Soon, it'll be a concrete detection rule.
We're building a system that generates Sigma-format detection rules mapped to specific coverage gaps. If your client has no detection for T1053 (Scheduled Task/Job) and their SIEM is Splunk, AEGIS will generate a ready-to-deploy Splunk query. That turns a gap analysis finding into an actionable deliverable you can hand directly to the client's SOC team.
Client-Facing Portal
Right now, AEGIS is built for the MSSP analyst. Your clients see the output through reports you send them. We're adding a read-only client portal where your clients can log in and see their own coverage posture, KEV status, and remediation tracking - all branded with your logo.
This means your clients get self-service access to their security posture without you having to schedule a call every time they have a question. It also gives them something to show their board and their auditors directly.
Expanded Threat Feed Integrations
AEGIS currently pulls from CISA KEV, MITRE ATT&CK, SANS, and curated news sources. We're adding direct integration with vendor-specific advisory feeds and expanding EPSS scoring across the full CVE corpus. The goal is for AEGIS to be the single pane of glass where an MSSP triages every relevant threat across every client.
Report Templates & Custom Sections
The report generator today produces a standardized threat intelligence report. We're adding customizable templates so you can build reports tailored to specific audiences - a board-level summary, a technical deep-dive for the SOC, or a compliance-focused report for the auditor. Mix and match sections, set per-client defaults, and schedule each template on its own cadence.
API Access
For providers who want to integrate AEGIS data into their existing tooling - PSA platforms, ticketing systems, custom dashboards - we're building a REST API. Pull coverage scores, gap lists, KEV status, and report data programmatically. Automate ticket creation when a new KEV matches a client's stack. Push coverage metrics into your existing reporting pipeline.
What We Won't Build
AEGIS is a threat intelligence platform, not a SIEM, not an EDR, and not a ticketing system. We're not trying to replace the tools in your stack - we're building the intelligence layer that makes them all more effective. Every feature we add will stay focused on that mission: helping security teams understand their coverage, identify their gaps, and communicate their posture clearly.
Try It
If any of this resonates with the problems you're solving for your clients, we'd love to show you where AEGIS is today and where it's heading. No slide deck, no pitch - just a live walkthrough of your own environment.
Want early access to upcoming features? Get in touch and we'll add you to the beta list.