What this endpoint does

Returns the threat actor threat map for a specific organization in a multi-org enterprise. Identical in structure to Threat Actor Threat Map but requires an explicit orgId path parameter. Obtain valid orgId values (uhash format, e.g., uhash:5XdwuI1B1E) from the organization.id field in Available Threat Maps. Filter by actor entity IDs (from Threat Actor Search), category IDs (from Threat Actor Categories), or watchlist IDs.

Response data

Returns a prioritized assessment of which threat actors pose the greatest risk to your specific organization. Each actor carries intent and opportunity scores (0–100) reflecting how likely they are to target your organization and how capable they are of doing so — higher scores in both dimensions mean higher priority. Log entries are the evidence trail: each one links a threat actor to your organization's watchlists (tech stack, methods, target sectors) via specific entities (CVEs, MITRE techniques, malware tools), with severity ratings and the axis of relevance (capability, intent, or opportunity). Use this to brief leadership on your organization's threat landscape or to prioritize which actors warrant hunting campaigns. The response can be large (hundreds of KB) when many actors match your watchlists.