Fast local IoC matching for analyst workflows.

Matchy brings threat intelligence matching into the places analysts already work: sensors, packet tools, log pipelines, search, scripts, and local investigations.

The browser workbench matches locally with a generated public ThreatFox feed. Dropped files are not uploaded.

Integrated where investigations happen.

Matchy is an engine first. The same database format and matching behavior can sit behind packet analysis, network telemetry, ingest pipelines, and command-line hunts.

Try the engine before installing anything.

Open the browser workbench, drop evidence, and match extracted indicators locally against a generated public ThreatFox recent feed.

Open the browser workbench
cli handoff
matchy build threatfox.csv \
  --output threats.mxy \
  --input-format csv

matchy match threats.mxy auth.log --stats

One database, many surfaces.

Build compact `.mxy` databases for IPs, CIDRs, exact strings, domains, hashes, and glob patterns.

Local by default.

Match evidence where it already lives: in the browser, on the command line, inside sensors, or in ingest paths.

Ready for builders.

Use the Rust library, C API, Java wrapper, CLI, and plugin examples to embed matching into your own tools.