One database, many surfaces.
Build compact `.mxy` databases for IPs, CIDRs, exact strings, domains, hashes, and glob patterns.
Matchy brings threat intelligence matching into the places analysts already work: sensors, packet tools, log pipelines, search, scripts, and local investigations.
The browser workbench matches locally with a generated public ThreatFox feed. Dropped files are not uploaded.
Matchy is an engine first. The same database format and matching behavior can sit behind packet analysis, network telemetry, ingest pipelines, and command-line hunts.
Open the browser workbench, drop evidence, and match extracted indicators locally against a generated public ThreatFox recent feed.
Open the browser workbenchmatchy build threatfox.csv \
--output threats.mxy \
--input-format csv
matchy match threats.mxy auth.log --stats
Build compact `.mxy` databases for IPs, CIDRs, exact strings, domains, hashes, and glob patterns.
Match evidence where it already lives: in the browser, on the command line, inside sensors, or in ingest paths.
Use the Rust library, C API, Java wrapper, CLI, and plugin examples to embed matching into your own tools.