Acalvio ShadowPlex Targeted Threat Intel is a deception-based threat intelligence platform that deploys external-facing decoys to detect reconnaissance and credential-based attacks. The platform uses realistic decoys for web applications, APIs, and IPv6 IIoT services positioned at the digital perimeter to identify early-stage attacker activity. The system detects reconnaissance activities including scanning of external assets, probing of web applications and APIs, and credential abuse such as password spraying, brute-force attempts, and credential stuffing campaigns. When attackers interact with decoys, the platform captures IP addresses, credentials used in attacks, and attack patterns. ShadowPlex delivers threat intelligence in real-time using STIX and other standard formats. The platform provides visibility into attacker infrastructure and tactics, enabling security teams to conduct threat hunting by correlating external attack data with internal logs. Deployment options include a fully managed cloud service or on-premises/cloud appliance. The managed service option hosts decoys externally to isolate attacker traffic from production networks. The platform includes a management console for configuring decoys, viewing threat intelligence, generating scheduled reports, and managing integrations. The solution is built on Acalvio's cyber deception technology and integrates with EDR/XDR platforms and SIEM/SOAR solutions to support incident response workflows.