Aggregated Indicators of Compromise, collected and cross-verified from multiple open and community-supported sources, then enriched and ranked for you using our intelligence platform.
Our mission is to help cybersecurity experts consolidate their knowledge of all publicly available threat intelligence sources in one convenient service.
It is important to respond promptly to every newly emerging threat. We provide full context around triggered indicators of compromise to support quick and informed decisions.
Many indicators come with no threat context. This makes it difficult to decide whether or not to block based on the indicators.
When looking at an indicator, it is crucial to have additional information, such as when it was first seen in the wild, who owns that IP or domain, where it is hosted geographically, and which well-known hosting provider is used.
After IoCs are aggregated from multiple sources, we contextualise them by adding:
Every day, hundreds of threats target every organisation that actively uses the Internet in its day-to-day business. This may produce thousands of alerts daily that have to be monitored and analysed.
With such a large flow of daily alerts, it is important to sort them by score and start by investigating the most critical ones. We rank every indicator using our algorithms to assign an appropriate score and help you look only at the relevant information.
Indicators are temporary in nature and some may be added incorrectly
Type I (false positive) errors and Type II (false negative) errors are a usual and annoying part of dealing with Indicators of Compromise.
We cross-verify the feeds and also perform additional sanitising checks to determine their relation to: