We embed alongside your team for two weeks: wire up the data plane, customise feed cadences, tune enrichment for your stack, train tier-1 and tier-2 analysts on the dashboard, and ship one playbook end-to-end.
Scope
Production-ready compose / Helm deployment
Custom feed onboarding (up to 3 non-standard sources)
Two 90-minute analyst-training sessions
One bespoke playbook authored and shipped
Threat-modeling engagement
4 weeks
Industry-tailored adversary mapping
Custom threat modeling for your sector. We map adversary groups likely to target your industry, identify the techniques they prefer, and tune the platform to surface signals in that subset first.
Scope
Sector-specific adversary catalogue
MITRE ATT&CK coverage assessment against your stack
Custom detection-rule recommendations
Written deliverable + interactive graph
Detection-engineering uplift
6 weeks
Rule authoring + tuning, with you, on your stack
We pair with your detection engineers to author Sigma + YARA rules tuned to your environment. Outputs include a tested rule pack, a CI workflow for rule changes, and documentation for ongoing maintenance.
Scope
Rule authoring across 6 priority ATT&CK techniques
False-positive triage and tuning on your historical data
GitOps workflow for rule changes
Knowledge-transfer sessions with your team
Analyst training program
5 weeks
Multi-week, cohort-based, hands-on
Five-week training program covering threat-intel fundamentals, the Rinjani platform end-to-end, MITRE ATT&CK in practice, and a capstone incident. Designed for analyst cohorts of 4–12.
Scope
20 hours of live instruction across five weeks
Realistic lab environment per cohort member
Capstone incident graded against a rubric
Optional certification on completion
Managed intelligence
Annual
We run the platform; you read the briefings
For teams that want the intelligence without the operational lift. We host, run, and tune Rinjani on your behalf; you receive weekly threat briefings, ad-hoc alert-routing, and direct Slack access to the research team.
