Key features

• Data collection from different sources and in various formats.
• Data aggregation from diverse feeds, including STIX, XML, JSON, and OpenIOC.
• Enrichment capabilities, involving the removal of false positives, confidence/scoring of indicators, validation of indicators, and addition of contextual information.
• A custom threat score calculator for nuanced threat assessment.
• Integration of internal intelligence encompassing VR, SIR, Assets, Services, and CMDB.
• Threat hunting with case management and task functionalities.
• User-specific dashboards tailored for Threat Intel persona.
• Graphical visualization tools for comprehending Threat Intel data.
• A dedicated Threat Intel Analyst Workspace for streamlined operations.
• Correlation rules for automatically establishing relationships between observables.
• The system has the capability to automatically identify and extract all observables from the uploaded files.
• Integration of premium feeds to enhance threat intelligence.
• Empowering users to associate MITRE ATT&CK information with records in the Threat Intelligence library and case management.
• Integration with SIR and data migration capabilities from Threat Intelligence to Threat Intelligence Security Center.