DocIntel is an open-source threat intelligence platform centered on intelligence context. Its core goal is to consolidate threat reports scattered across analysts’ folders, email, private portals, commercial sources, and RSS feeds into a shared team knowledge base. It does not focus on direct protection capabilities such as firewalls or EDR, nor is it centered on technical indicators or domain models. Instead, it helps CTI teams organize, search, rate, and reuse intelligence materials.
In terms of protection category, DocIntel is best understood as a threat intelligence management and analysis support tool. It covers several stages: collection, processing and utilization, analysis and production, and dissemination. It can automatically collect reports from mailboxes, commercial sources, and RSS feeds; during preprocessing, it extracts vulnerabilities, TLP markings, threat actor names, and observables such as IP addresses and domains. It supports full-text search and tag-based filtering, and can recognize defanged IOCs such as 1[.]2[.]3[.]4 and example[.]org. For management, it provides tagging, source tracking, source reliability ratings, access control, and the ability to proactively distribute new intelligence to analysts and stakeholders. On the integration side, the text explicitly mentions full API support and a Python client, allowing it to connect with existing tools for alert contextualization or knowledge-base queries.
Pricing information is limited. The text states that DocIntel is open-source and notes that users can contact the official email address for commercial support, specific development needs, or a fully-managed instance, but it does not disclose pricing, SLA terms, payment methods, or hosting regions. Deployment can be understood as self-hosting the open-source version, with the possibility of a managed instance as well. However, system requirements, operational complexity, and versioning strategy are not covered in the text. Compliance certifications are also not disclosed.
Its main advantage is clear positioning: it does not try to replace platforms such as OpenCTI or MISP, which are more focused on indicators and data models. Instead, it fills the gap around “report context” and “analysis material” management. It is well suited to day-to-day intelligence monitoring, SOC alert attribution and traceability, quarterly strategic intelligence analysis, incident response, and forensic support. Its limitation is that its value depends on the maturity of an organization’s intelligence workflow. If a team only needs a simple IOC repository or automated blocking, it is not the best standalone tool. In addition, the official text does not provide details on compliance, pricing, deployment, or service capabilities, so enterprises should validate these points further before procurement.
Access from mainland China is not addressed in the text, and payment methods and local support are also unknown. If stable access is not available or if domestic/localized services are required, teams can evaluate self-hosted MISP, OpenCTI, or platforms from local threat intelligence vendors. If the focus is on a report knowledge base and CTI collaboration, DocIntel is better suited as a complement to those platforms.
⚠ This review is compiled from public sources and does not constitute a purchase recommendation. Verify all facts on the vendor's official site, docintel.org.
docintel.org is an Unknown Security provider. TG4G tracks its product information, an overall rating of 7.0/10, and a China-accessibility rating of "China direct-connect friendly".