Jacob Santos

Threat Hunter, Researcher and Builder

Sr. Threat Researcher | Trend AI
17 Articles · 14 Threads · 10+ Tools · 10+ Talks
Tools & Automation

Production tools built for real threat hunting operations: operational infrastructure, not side projects.

Threat Inquiry Pipeline

Multi-Agent AI Threat Triage Automation

Multi-version AI pipeline system for automating the full threat inquiry lifecycle. The latest version uses an 11-agent architecture with phase quality gates, parallel enrichment, and agent metrics — covering intake, OSINT, IOC enrichment, detection coverage, response drafting, visual generation, and documentation publishing. Runs autonomously from email to published report.

Dramatically reduced threat inquiry response time — what previously required days of manual effort now resolves in minutes with structured, consistent output
Python · Claude AI · Multi-Agent Architecture · VirusTotal API · OSINT · Confluence API · WebSocket
Multi-Agent · End-to-End Production
Threat Intelligence Platform

Unified TI Analysis & Reporting Dashboard

Team-Wide Adoption · Prod

Full-featured platform that curates cybersecurity RSS feeds, news, and articles into actionable intelligence. Generates concise reports from single or multiple sources, extracts IOCs, verifies detection coverage, produces CTI-ready JSON output with hunting queries, and auto-publishes to the team wiki — all in one workflow.

Adopted as the team's primary analysis workflow, replacing numerous separate tools and cutting research-to-report time dramatically
Python · Streamlit · Azure OpenAI · Confluence API · RSS/OSINT
Infrastructure Hunting Toolkit

Adversary C2 & Infrastructure Mapping System

Proactive Hunting · Prod

Methodology and tooling for adversary infrastructure identification using Shodan, Censys, FOFA, and passive DNS. Maps C2 servers through SSH key pivoting, SSL certificate analysis, HTTP header fingerprinting, ASN attribution, and cloud provider mapping — turning network artifacts into threat actor attribution.

Identified active C2 infrastructure across multiple campaigns, enabling proactive detection ahead of broader threat activity
Python · Shodan API · Censys API · FOFA · Passive DNS · SSL Analysis · OSINT
Security Automation Suite

Purpose-Built Tools for Analysis, Reporting & Documentation

13+ Production Tools · Prod

Collection of purpose-built tools covering RAG-powered report generation, malware-as-a-service analysis, PowerPoint threat brief analysis, AI chatbot for threat queries, BEC investigation workflows, and security log analysis — each automating a recurring analyst task.

Automated numerous recurring documentation and analysis workflows, replacing manual processes that previously consumed significant analyst time each week
Python · Azure OpenAI · Confluence API · RAG
CTI Platform Connector

AI-to-Threat-Intelligence Bridge

MCP · Production

Model Context Protocol server that connects AI assistants directly to a production threat intelligence platform, enabling natural language queries against indicators, campaigns, relationships, and labels — bridging the gap between AI tooling and operational threat data.

Connected AI workflows to a large corpus of threat indicators, enabling natural-language CTI queries that previously required manual platform navigation
Python · FastMCP · pycti · OpenCTI API
Security Data Lake Platform

Databricks-Powered Threat Intelligence Search Dashboard

Big Data · Threat Intel · Prod

Web-based threat intelligence search platform built on Databricks that queries large-scale security telemetry in real time. Features a FastAPI REST backend, an interactive web dashboard, and MCP-connected analyst tools for searching IP addresses, file hashes, domains, URLs, email indicators, detections, and event prevalence across multiple security datasets.

Reduced IOC investigation from lengthy manual queries across disconnected datasets to near-instant lookup across a unified security data lake
Python · Databricks · FastAPI · SQL · MCP SDK · REST API
Autonomous AI Dev Platform

Multi-Model AI Pipeline & Development Orchestration System

Multi-Model · Autonomous Pipelines · Prod

Desktop platform for orchestrating autonomous AI development pipelines across a large pool of models from multiple providers. Includes multi-model routing with cost governance, event-driven triggers, safety guardrails, session persistence, and real-time streaming — capable of running end-to-end pipelines that plan, implement, test, and document code without manual intervention.

Runs complete autonomous development workflows end-to-end, allowing complex work to proceed unattended and be ready for review on return
Node.js · Express · WebSocket · SQLite · TypeScript · REST API · Multi-Model AI
Tech Stack
Python · Claude AI · Azure OpenAI · FastMCP · Streamlit · Shodan API · Censys API · Passive DNS · VirusTotal API · OpenCTI · pycti · Confluence API · RAG · OSINT
Built for the team, used every day

Every tool here was born from a real threat hunting workflow pain point, from inquiry triage and infrastructure hunting to threat intelligence analysis and report generation.