threat-report
The threat-report is an AI-driven reporting tool that generates a comprehensive cyber threat intelligence report within Canva automated security workflows. It consolidates multiple intelligence domains into a single, executive-ready document covering an executive summary, the incident landscape, threat actor behaviour, attack techniques and malware trends, ransomware activity, and the top trending CVEs for a chosen sector and time window.
Ideal Use Cases & Fit
This tool excels at periodic threat landscape reporting, such as monthly or quarterly briefings tailored to a specific industry sector and aimed at security leadership. It is well suited to producing shareable, presentation-grade deliverables that summarise the threat environment across several domains at once. It is less applicable for real-time alerting or for single-indicator lookups, where a more focused, targeted tool would be appropriate.
Value in Workflows
Integrating threat-report into security workflows adds value at the reporting and post-processing stages, where disparate intelligence findings are synthesised into a coherent narrative. By automatically drafting and assembling each section into a styled report, it allows teams to deliver consistent, repeatable threat briefings on a regular cadence. The tool can produce a polished PDF or HTML document for distribution, or structured JSON for incorporation into downstream pipelines and knowledge bases.
Input Data
The threat-report accepts the following input data:
- Format: Optional configuration file in JSON
- Function: Override the report configuration (sector, date range, and candidate count)
- Required fields: None
- Example:
{"sector": "finance", "from_date": "2026-03-15", "to_date": "2026-04-14", "candidate_count": 12}
When provided, the configuration file takes precedence over the equivalent parameters. The file is optional: if it is absent, empty, or malformed, it is ignored and the report falls back to the parameter values.
Configuration
- sector: Target sector for the report. Choose from
all,finance,government,energy,health,technology,hospitality,telco, orretail. Selectingallapplies no sector filtering. - from-date: Start of the reporting window.
- to-date: End of the reporting window.
- output-format: Final artifact format. Choose
pdffor a rendered report,htmlfor a styled web version, orjsonfor the assembled report data without rendering. - candidate-count: Maximum number of key-incident timeline entries to include in the report.
This structured approach lets workflow builders tailor the scope, period, and presentation of each briefing to their specific reporting needs. Updated: 2026-06-12