I had a bit of downtime this week and decided to do some light vibe coding around an idea I have been curious about for a while: using Azure Maps as a way to visualize high-level security intelligence.
Most threat intelligence lives in tables, reports, and long write-ups. That format works well for analysts, but it is not always great for quickly communicating patterns or context. I wanted to see what it might look like to step back and look at threat actors geographically, at a very high level, using a world map.
This is an early experiment, not a finished product. Click below for the live demo, wait 20 seconds for the data to render.
The data behind the map
For this demo, I built a list of threat actors using two public sources:
- https://breach-hq.com/threat-actors
- https://learn.microsoft.com/en-us/unified-secops/microsoft-threat-actor-naming
I intentionally excluded actors that do not have a clear country attribution. Country-level visualization falls apart quickly when attribution is vague, and this project is meant to be illustrative rather than authoritative.
The resulting dataset includes just over 500 actors. That number is higher than what Microsoft typically tracks as actively operating at any given time, which is often cited as under 300 groups. Different sources define and count actors differently, and that is part of the point. This demo is about visualization, not definitive attribution.
What the demo does
The demo is a single, self-contained HTML file using the Azure Maps Web SDK. Countries are shaded based on the number of attributed threat actors, with higher concentrations rendered in brighter colors. Hovering over a country reveals a side panel with basic context and a list of actors.
There are no pin drops, no real-time signals, and no attempt to imply physical actor locations. This is purely contextual.
I am hosting the file on WordPress so it can be viewed directly in a browser.
About the Azure Maps key
For simplicity, the demo includes an active Azure Maps key so it works immediately. If you want to experiment with it yourself, you can copy the HTML file, create your own Azure Maps resource, and replace the key with your own.
For production use, this approach would obviously need to change. For learning and experimentation, it keeps the barrier to entry low.
Why Azure Maps?
Azure Maps is usually associated with routing, logistics, or IoT scenarios, but it turns out to be a surprisingly flexible canvas for high-level security storytelling. This project barely scratches the surface, but it was enough to convince me there is room to explore how maps can add context to security conversations, especially for non-analyst audiences.
For now, this is just an idea in motion and a way to learn the platform a bit better during a quiet week.