EclecticIQ

Learn how EclecticIQ can help you address your specific challenges – by team and by need – and improve your overall security posture.

Solutions overview

Our Ecosystem

An ecosystem supporting our customers' intelligence-led proactive cybersecurity needs with collaborative partner programs delivering world-class joint solutions. 

Partner Program

Partner with EclecticIQ to bring valuable and innovative security solutions and services to end users. Open to all partner types, including technology developers, service providers, resellers, and community.

Our Partnerships

We partner with the world's premier technology and solution providers to support all phases of your cybersecurity needs. Explore all our partners' solutions and offerings to build and extend your cyber defense ecosystem.

EclecticIQ Resources

We are committed to increasing the knowledge and capabilities of the cybersecurity community through our research & analysis efforts and open source projects.

Browse Resources

Learn more about our technology, solutions and services, and stay updated on the cyber threat landscape with our research reports, webinars and other information.

Open Source Projects

We are proud to be an active member in the open source community and to help develop and advance progress of security technology. Learn more about contributions or go directly to our GitHub page.

Partnerships

EclecticIQ partners with the world’s premier technology and solution providers to support all phases of your cyberdefenses.

  • Integration Partners

    Extend and customize the EclecticIQ Platform to meet your specific cybersecurity needs by connecting with top providers of threat intelligence and centralized sources of technical data, as well as a full range of IT security solutions deployed within the enterprise.

    Integrations also extend to ISACs and other information-sharing groups using STIX/TAXII standards and other data formats.

  • Commercial Vendors

    Address your cybersecurity needs by engaging with our global cadre of distinguished Resellers, VARs and consultants who fuse their unique expertise and market understanding with our innovative, intelligence-led solutions.

  • Community Partners

    Learn more about intelligence-led cybersecurity and prepare your practitioners to defend against threats to your organization by joining our collaborative community partners.

  • Managed Service Providers

    EclecticIQ works with a wide range of service providers – like Incident Responders & DFIRs, MSSPs, MDRs and more – to meet the needs of customers by leveraging the scope, power and extensibility of our intelligence-led cybersecurity solutions.

  • AlienVault Open Threat Exchange

    Technology Integration

    The AlienVault Open Threat Exchange (OTX) is a system for sharing threat intelligence among OSSIM users and AlienVault customers.

  • Amazon S3

    Technology Integration

    Amazon Simple Storage Service (Amazon S3) is an object storage service that offers industry-leading scalability, data availability, security, and performance. This means customers of all sizes and industries can use it to store and protect any amount of data for a range of use cases, such as websites, mobile applications, backup and restore, archive, enterprise applications, IoT devices, and big data analytics. Amazon S3 provides easy-to-use management features so you can organize your data and configure finely-tuned access controls to meet your specific business, organizational, and compliance requirements. Amazon S3 is designed for 99.999999999% (11 9's) of durability, and stores data for millions of applications for companies all around the world.

  • Binary Defense Artillery

    Technology Integration

    Artillery is a combination of a honeypot, monitoring tool, and alerting system. Eventually this will evolve into a hardening monitoring platform as well to detect insecure configurations from nix systems.

  • BitDefender

    Technology Integration

    The Bitdefender Advanced Threat Intelligence solution helps security professionals gain visibility into the latest threats by using up-to-date, contextual intelligence on URLs, IPs, domains, certificates, files, Command and Control servers and Advanced Persistent Threats.

  • BitSight Anubis Cyberfeeds

    Technology Integration

    AnubisNetworks Cyberfeed allows customers to obtain threat intelligence on real-time security events, with monitoring of countries, organizations and their subsidiaries.

  • CAPEC - Common Attack Pattern Enumeration and Classification

    Technology Integration

    Understanding how the adversary operates is essential to effective cyber security. CAPEC™ helps by providing a comprehensive dictionary of known patterns of attack employed by adversaries to exploit known weaknesses in cyber-enabled capabilities. It can be used by analysts, developers, testers, and educators to advance community understanding and enhance defenses.

  • Censys

    Technology Integration

    Censys is an Internet-wide scanning system and database that aims at listing all devices and networks that compose the Internet. Censys lets researchers find specific hosts and create aggregate reports on how devices, websites, and certificates are configured and deployed.

  • CIRCL Passive SSL

    Technology Integration

    CIRCL Passive SSL is a database storing historical X.509 certificates seen per IP address. The Passive SSL historical data is indexed per IP address, which makes it searchable for incident handlers, security analysts or researchers. The Passive SSL enricher will retrieve domains and IPs associated with an SSL certificate hash.

  • Cisco OpenDNS / OpenResolve

    Technology Integration

    Take faster action on newly discovered malicious domains by leveraging a turn-key integration between Cisco and OpenDNS. Through security automation, dwell time is reduced from hours or days to only minutes. And by gaining Internet-wide visibility in real-time, you will discover more compromised systems.

  • Cisco Threat Grid

    Technology Integration

    Cisco Threat Grid analyzes suspicious behavior in your network against more than 450 behavioral indicators and a malware knowledge base sourced from around the world. Threat Grid content feeds are pre-generated, curated sets of behavioural indicators that are produced in the Threat Grid Cloud infrastructure from sample analysis results. Feeds are used by organizations and partners for targeted threat intelligence, by focusing on the specific types of threats faced by particular industries.

  • Cisco Umbrella

    Technology Integration

    The Cisco Umbrella API helps analysts quickly understand registration details, similar domains and potential malicious ties to observable data. With this integration, analysts can quickly discern threats and attribution intelligence from observables used in active campaigns as the cloud-based enricher provides information relating domains, IP addresses and file hashes. Combining this integration with EclecticIQ Platform enables analysts to dynamically build a repository of intelligence relating to domain activity.

  • Cofense PhishMe

    Technology Integration

    Cofense PhishMe is the leading provider of human-driven phishing defense solutions worldwide. Our collective defense suite combines best-in-class incident response technologies with timely attack intelligence sourced from employees. Cofense enables thousands of global organizations to stop attacks in progress faster and stay ahead of breaches.

  • Common Vulnerabilities and Exposures (CVE)

    Technology Integration

    Enrich intelligence with exploit target information from the standard source of vulnerabilities and exposures: the MITRE Corporation. The enricher and feed use the Computer Incident Response Center Luxembourg (CIRCL) cve-search API to retrieve all the available details.

  • Cortex XSOAR (formerly Demisto)

    Technology Integration

    This integration harnesses the rich, aggregated threat intelligence from EclecticIQ within Demisto for automated playbook-driven incident data enrichment and response. With Demisto Enterprise, security analysts also get a centralized platform for collaboration, investigation and reporting to facilitate their investigation process and remove the need to pivot between multiple tools.

  • CrowdStrike Falcon Insight / EDR

    Technology Integration

    CrowdStrike® Falcon Insight™ eliminates silent failure by providing the highest level of real-time monitoring capabilities that span across detection, response and forensics. This ensures nothing is missed, leaving attackers with no place to hide. Falcon Insight provides organizations with state-of-the-art endpoint detection and response (EDR), following an approach recommended by top analyst firms such as Gartner.

  • Crowdstrike Falcon Intelligence

    Technology Integration

    CrowdStrike is a global leader in cloud-delivered next-generation endpoint protection. With a single lightweight agent, CrowdStrike is the first company to unify next-generation antivirus that includes machine learning and behavioral analytics, endpoint detection and response (EDR), and a 24/7 managed hunting service. Falcon Intelligence™ is a cost-effective program tailored to each company’s needs and requirements and addresses the legal and technical aspects of preventing harm that results from a cyberattack.

  • CyberCrime Tracker

    Technology Integration

    Cyber Crime Tracker is dedicated to providing an API-driven IP address and domain data feed for the tracking and blacklisting of C&C server and botnet activity.

  • Cybereason Endpoint Detection and Response (EDR)

    Technology Integration

    Using the Cybereason Defense Platform, users are able to leverage the power of EclecticIQ Platform. Users can receive IOCs from the platform to trigger security alerts, and send sightings back to EclecticIQ Platform.

  • Digital Shadows SearchLight

    Technology Integration

    Digital Shadows SearchLight protects against external threats, continually identifying where your assets are exposed, providing sufficient context to understand the risk, and options for remediation.

  • DomainTools

    Technology Integration

    DomainTools helps security analysts turn threat data into threat intelligence. We take indicators from your network and connect them with nearly every active domain on the Internet. Fortune 1000 companies, global government agencies, and leading security solution vendors use the DomainTools platform as a critical ingredient in their threat investigation and mitigation work.

  • DomainTools Domain Profile

    Technology Integration

    DomainTools helps security analysts turn threat data into threat intelligence. We take indicators from your network and connect them with nearly every active domain on the Internet. Fortune 1000 companies, global government agencies, and leading security solution vendors use the DomainTools platform as a critical ingredient in their threat investigation and mitigation work.

  • DomainTools Reverse IP Whois

    Technology Integration

    The Whois Lookup API provides the ownership record for a domain name or IP address with basic registration details. The API is optimized to respond quickly and is designed to handle a high volume of parallel requests. This is the ideal product to use if you have a busy web site or a long list of domains that you need to process.

  • Dragos

    Technology Integration

    As a leading provider of industrial control systems cybersecurity, the Dragos threat detection and response platform codifies decades of real-world experience in advanced threat analytics. It provides operational and information technology practitioners unprecedented visibility and prescriptive procedures to respond to adversaries in the industrial threat landscape. Through the integration with EclecticIQ Platform, Threat Intelligence Analysts now have access to relevant reports, Indicators, Threat Actors, TTPs and observables that Dragos provides for this unique threat landscape.

  • DShield

    Technology Integration

    DShield provides a platform for users of firewalls and intrusion detection systems to share intrusion information. This data is cataloged and summarized and can be used to discover trends in activity and confirm widespread attacks. This data is accessible through the Internet Storm Center/DShield REST API. DShield is a free and open service.

  • EclecticIQ Browser Extension

    Technology Integration

    The Browser Extension is an add-on for your web browser, specifically made for EclecticIQ Platform. It lets analysts quickly and easily process both external threat data found in human-written reports and machine-generated data from internal security controls. Analysts can capture the data, structure it and subsequently ingest it into their Platform in one flow, without ever leaving the page they are on.

  • EclecticIQ Custom Integrations

    Technology Integration

    Besides the integrations listed above, organizations can configure their own custom integration based on the following standards:

    • ArcSight CEF
    • EclecticIQ CSV
    • EclecticIQ JSON
    • Email (IMAP)
    • File system
    • FTP Push
    • HTTP Download
    • STIX 1.2
    • Syslog (UDP/TCP)
    • TAXII (Poll/Push)
    • Plain text (e.g. Snort Rules, Yara Signatures)

  • EclecticIQ FortiSOAR connector

    Technology Integration

    The EclecticIQ FortiSOAR connector facilitates automated interactions with the EclecticIQ platform using FortiSOAR playbooks. Add the EclecticIQ connector as a step in FortiSOAR playbooks and perform automated operations, such as retrieving reputations of domains, URLs, IP addresses, etc., from EclecticIQ, querying the EclecticIQ platform for entities, and creating sightings in the EclecticIQ platform.

  • EclecticIQ Security Controls

    Technology Integration

    Help your system administrators to respond faster to attempted intrusions by adding essential context to your IT security controls. Integrate real-time threat intelligence into:

    • Snort
    • Suricata
    • Any standards-based IPS/IDS

  • EclecticIQ STIX-formatted data

    Technology Integration

    Any data provided in STIX (1.0, 1.1.1, 1.2) format, including FS-ISAC and MISP feeds.

  • Farsight Security DNSDB

    Technology Integration

    Farsight Security DNSDB is a Passive DNS historical database that provides a unique, fact-based, multifaceted view of the configuration of the global Internet infrastructure. DNSDB leverages the richness of Farsight’s Security Information Exchange (SIE) data-sharing platform and is engineered and operated by leading DNS experts.

  • FireEye iSIGHT Intelligence

    Technology Integration

    FireEye iSIGHT Intelligence is a proactive, forward-looking means of qualifying threats poised to disrupt your business based on the intents, tools and tactics of the attacker. Our high-fidelity, comprehensive intelligence delivers visibility beyond the typical attack lifecycle, adding context and priority to global threats before, during and after an attack. It helps mitigate risk, bolster incident response, and enhance your overall security ecosystem.

  • Flashpoint

    Technology Integration

    Flashpoint is the market leader in threat intelligence from the Deep and Dark Web. Flashpoint’s products illuminate threatening actors, relationships, behaviors, and networks.

  • FS-ISAC

    Technology Integration

    FS-ISAC leverages its intelligence platform, resiliency resources and a trusted peer-to-peer network of experts to anticipate, mitigate and respond to cyberthreats.

  • GreyNoise

    Technology Integration

    GreyNoise empowers users to differentiate between targeted cyber-attacks and pointless alerts generated by Internet-wide scan and attack activity. Think of GreyNoise as Anti-Threat Intelligence, telling you what not to worry about so you can focus on the activity that matters.

  • Group-IB Threat Intelligence

    Technology Integration

    Group-IB is a global provider of security services and threat intelligence solutions with profound expertise providing the global security community insights into Russian-speaking cyber criminal groups and their tactics.

  • Hail a TAXII

    Technology Integration

    Hail a TAXII.com is a repository of Open Source Cyber Threat Intelligence feeds in STIX format.

  • Hexillion CentralOps

    Technology Integration

    The CentralOps.net integration enables analysts to investigate domains and IP addresses. This enricher provides registrant information, DNS records and more. All the information is delivered in one report, making it much quicker and easier for the analyst. Unlike the free service, this paid account means that there is no limit on the number of times you access the tool.

  • Hybrid Analysis

    Technology Integration

    This is a free malware analysis service for the community that detects and analyzes unknown threats using a unique Hybrid Analysis technology.

  • IBM QRadar

    Technology Integration

    IBM QRadar SIEM consolidates log events and network flow data from thousands of devices, endpoints and applications distributed throughout a network. It normalizes and correlates raw data to identify security offenses, and uses an advanced Sense Analytics engine to baseline normal behavior, detect anomalies, uncover advanced threats, and remove false positives.

  • IBM Resilient SOAR Platform

    Technology Integration

    IBM Resilient Security Orchestration, Automation and Response (SOAR) Platform is the leading platform for orchestrating and automating incident response processes. IBM Resilient SOAR Platform quickly and easily integrates with your organization’s existing security and IT investments. It makes security alerts instantly actionable, provides valuable intelligence and incident context, and enables adaptive response to complex cyber threats. The latest innovation to IBM Resilient SOAR Platform, Dynamic Playbooks, provides the agility, intelligence, and sophistication needed to contend with complex attacks.

  • Infoblox DNS, DHCP, AND IPAM (DDI)

    Technology Integration

    Infoblox DDI is an industry-leading, integrated, and centrally managed approach to delivering enterprise-grade DDI. It uses the patented Infoblox Grid™ technology to ensure high availability DNS, DHCP, and IPAM services throughout your distributed network. Infoblox DDI makes it easier for you to achieve higher levels of service uptime, security, and operational efficiencies across diverse infrastructure, including on-prem, cloud and hybrid deployments.

  • Intel 471 Adversary Intelligence

    Technology Integration

    Intel 471 provides Adversary and Malware Intelligence for leading intelligence, security and fraud teams. Adversary Intelligence is focused on infiltrating and maintaining access to closed sources where threat actors collaborate, communicate and plan cyber-attacks. Malware Intelligence leverages our underground access to provide timely data and context on malware and adversary infrastructure.

  • Intel 471 Malware Intelligence

    Technology Integration

    Intel 471 provides Adversary and Malware Intelligence for leading intelligence, security and fraud teams. Adversary Intelligence is focused on infiltrating and maintaining access to closed sources where threat actors collaborate, communicate and plan cyber-attacks. Malware Intelligence leverages our underground access to provide timely data and context on malware and adversary infrastructure.

  • Intel McAfee Active Response

    Technology Integration

    By providing superior out-of-the-box capabilities, automated interaction with existing security management solutions, and user-customization, McAfee® Active Response greatly narrows the window of opportunity for attackers to damage your computing assets and corporate brand.

  • Intel McAfee Data Exchange Layer (DXL)

    Technology Integration

    The Data Exchange Layer (DXL) communication fabric connects and optimizes security actions across multiple vendor products, as well as internally developed and open source solutions. Enterprises gain secure, real-time access to new data and lightweight, instant interactions with other products. New integration with Cisco pxGrid extends your reach end-to-end with better identity services and automated threat mitigation.

  • Intel McAfee TIE

    Technology Integration

    McAfee Threat Intelligence Exchange (TIE) acts as a broker that combines intelligence from local security solutions. With this integration, EclecticIQ Platform users can query McAfee TIE and ingest and leverage this intelligence in their threat analysis workflows.

  • IntSights Alerts

    Technology Integration

    The IntSights vision is to make external intelligence instantly accessible for organizations of any type or size by synthesizing complex signals captured from across the clear, deep, and dark web into contextualized, prioritized, and actionable intelligence.

    Partner website
  • Joe Sandbox

    Technology Integration

    Deep Malware Analysis for Windows, macOS, Linux, Android and iOS

    Partner website
  • Kaspersky APT Intelligence Reporting

    Technology Integration

    Exclusive, proactive access to Kaspersky’s most recent investigations and insights, revealing the methods, tactics and tools used by APT actors in high-profile cyberespionage campaigns with cross-sector targeting. Information provided in these reports allows you to improve threat hunting missions and develop effective security use cases for proactive defense.

    Partner website
  • Kaspersky Threat Data Feeds

    Technology Integration

    Context-rich and immediately actionable threat intelligence feeds containing information on suspicious and dangerous IPs, URLs and file hashes enable an efficient alert triage process while providing enough context to immediately identify alerts that need to be investigated or escalated to the incident response team.

    Partner website
  • Kaspersky Threat Lookup

    Technology Integration

    All the knowledge acquired by Kaspersky about cyberthreats, legitimate objects and their various relationships, brought together into a single, powerful web service. Real-time search of many petabytes of threat relationship data enables highly effective incident investigations and threat hunting.

    Partner website
  • MaxMind GeoIP

    Technology Integration

    MaxMind is an industry-leading provider of IP intelligence. EclecticIQ Platform users can leverage GeoIP databases to enrich and develop context on their IP feeds.

    Partner website
  • Micro Focus ArcSight ESM

    Technology Integration

    Micro Focus ArcSight ESM identifies and prioritizes threats in real time so you can respond and remediate quickly. Correlate security logs from multiple data feeds, improve the accuracy of security alerts with complex use cases, and uncover advanced cyber attacks that previously went undetected.

    Read more
  • Microsoft Azure Sentinel

    Technology Integration

    See and stop threats before they cause harm, with SIEM reinvented for a modern world. Azure Sentinel is your bird's-eye view across the enterprise. Put the cloud and large-scale intelligence from decades of Microsoft security experience to work. Make your threat detection and response smarter and faster with artificial intelligence (AI). Eliminate security infrastructure setup and maintenance, and elastically scale to meet your security needs, while reducing IT costs.

    Partner website
  • MISP

    Technology Integration

    MISP is an open source platform that allows for easy IOC sharing among distinct organizations. With this MISP integration, threat analysts can ingest the IOCs they receive from MISP and apply their threat investigation and dissemination workflows right from EclecticIQ Platform. Download the Solutions Brief for more detailed information.

    Partner website
  • NSFocus

    Technology Integration

    The integration of NSFocus Global Intelligence includes both the feed and enricher. NSFocus Threat Intelligence, with its extensive sources, provides analysts with enricher information for IP addresses, Domains, CVEs and files. The NSFocus API allows analysts to work with the security event data as a feed. The cyber threat landscape in China is larger and more complex than anywhere else. With this integration, analysts have insight into the world's largest numbers of Internet-connected devices and vast numbers of Internet users.

    Partner website
  • NVD (National Vulnerability Database)

    Technology Integration

    The NVD (National Vulnerability Database) Vulnerability Intelligence Feed retrieves CVEs (Common Vulnerabilities and Exposures) from the NVD CVE API. NVD offers this as a free service, so any customer can use this integration. This integration mainly supports vulnerability management use cases in the platform.

    Partner website
  • OpenPhish

    Technology Integration

    OpenPhish is dedicated to providing timely, accurate, and relevant Phishing Intelligence.

    Partner website
  • Palo Alto Networks AutoFocus

    Technology Integration

    AutoFocus contextual threat intelligence brings speed, consistency and precision to threat investigation. It provides instant access to community-based threat data, enhanced with deep context and attribution from the Unit 42 threat research team, saving time and effort. Now teams can quickly investigate, correlate and pinpoint malware’s root cause without adding dedicated malware researchers or additional tools. Plus, automated protections make it simple to turn raw intelligence into protection across your environment.

    Partner website
  • PhishTank

    Technology Integration

    PhishTank is a collaborative clearing house for data and information about phishing on the Internet. Also, PhishTank provides an open API for developers and researchers to integrate anti-phishing data into their applications at no charge.

    Partner website
  • Recorded Future

    Technology Integration

    The Recorded Future integration provides both feed and enricher capabilities. With the feed, users have access to the Recorded Future Risk List, which includes, for example, IP and file hashes. The results are provided in standard STIX/TAXII protocols including TTPs and Indicators. The enricher allows users to query Domains, hashes, URLs and IP addresses.

    Partner website
  • RIPEstat GeoIP / RIPEstat Whois

    Technology Integration

    RIPEstat provides everything you ever wanted to know about IP address space, Autonomous System Numbers (ASNs), and related information for hostnames and countries in one place.

    Partner website
  • RiskIQ PassiveTotal

    Technology Integration

    RiskIQ PassiveTotal overcomes the challenges in discovering and proactively blocking malicious infrastructure. Using innovative techniques and research processes, PassiveTotal provides analysts with a single view into all the data they need.

    Partner website
  • RSA NetWitness / Security Analytics

    Technology Integration

    Using the NetWitness app, RSA users are able to leverage the power of EclecticIQ Platform directly from the NetWitness interface. Users can receive IOCs from the platform to trigger security alerts, and send sightings back to EclecticIQ Platform.

    Partner website
  • Shodan

    Technology Integration

    Shodan is the world's first search engine for Internet-connected devices. The Shodan enricher takes a wealth of input observable types to help you discover which of your devices are connected to the Internet, where they are located, and who is using them.

    Partner website
  • Silobreaker

    Technology Integration

    Silobreaker helps business, security and intelligence professionals make sense of the overwhelming amount of unstructured data on the web. By providing powerful tools and visualisations that cut through the noise and analyse data from hundreds of thousands of open sources, Silobreaker makes it easy for users to monitor and research threats or opportunities.

    Partner website
  • Splunk Enterprise

    Technology Integration

    * Operational Intelligence optimizes your IT, security and business performance
    * Collect operational data (including logs, clickstreams, sensors, stream network traffic, web servers, custom applications, hypervisors, containers, social media and cloud services)
    * Search, monitor and analyze data to discover powerful insights for security and IT operations.
    * Understand trends, patterns of activity and behavior to make more informed decisions

    Read more
  • Splunk Enterprise Security

    Technology Integration

    * Operational Intelligence optimizes your IT, security and business performance
    * Collect operational data (including logs, clickstreams, sensors, stream network traffic, web servers, custom applications, hypervisors, containers, social media and cloud services)
    * Search, monitor and analyze data to discover powerful insights for security and IT operations.
    * Understand trends, patterns of activity and behavior to make more informed decisions

    Partner website
  • Splunk Phantom

    Technology Integration

    Splunk Phantom is a leading Security Orchestration, Automation, and Response (SOAR) Platform. It integrates your team, processes, and tools together. With Phantom, you’re able to work smarter, respond faster, and strengthen your defenses.

    Partner website
  • SpyCloud

    Technology Integration

    The SpyCloud integration feed helps users protect employees and customers. It provides information which can prevent account take over, fraud, IP theft and brand damage. The feed alerts users when an employee's or company's assets have been compromised.

    Partner website
  • Symantec DeepSight Intelligence Datafeeds

    Technology Integration

    Leveraging the extensive Symantec Global Intelligence Network, this integration feed allows users to collect raw intelligence data making it available within EclecticIQ Platform. The feed provides a broad range of insights, covering reputation and threat intelligence data for IP, URLs, attacks, bots, cnc, malware, fraud, and phishing.

    Partner website
  • The National Cyber-Forensics and Training Alliance (NCFTA)

    Technology Integration

    The NCFTA was created by industry, academia, and law enforcement for the sole purpose of establishing a neutral, trusted environment that enables two-way information sharing with the ultimate goal to identify, mitigate, disrupt, and neutralize cyber threats.

    Partner website
  • Threat Crowd

    Technology Integration

    ThreatCrowd is an Open Source system for finding and researching artefacts relating to cyber threats, utilizing information obtained by crawling various Open Source resources, including VirusTotal and Malwr.

    Partner website
  • Vigilante

    Technology Integration

    Vigilante is a global threat hunting and dark web cyber intelligence research team, delivering a combination of vast, unique human intelligence and automation that is targeted for each client to help them identify their biggest risks and defend against the most sophisticated adversaries.

    Partner website
  • VirusTotal Private Mass API

    Technology Integration

    With VirusTotal users can analyze suspicious files and URLs. It facilitates the quick identification of viruses, worms, trojans and all kinds of malware. Integrating VirusTotal means that users don’t need to leave EclecticIQ Platform – everything is at your fingertips which saves time and minimizes the number of tools open at once. The integration supports the premium service for feeds and enrichers; plus, the free service for enrichers. VirusTotal helps users by providing more condensed, ingestible and corroborable information.

    Partner website
  • VMRay

    Technology Integration

    Surmounting the persistent shortcomings of other DFIR tools, VMRay delivers rapid detection results and in-depth analysis reports without compromising performance or security. VMRay flexibly integrates with other systems, automating the submission of files and URLs for analysis. Precise, actionable results are returned that drive block/allow decisions and other security measures across the enterprise.

    Partner website
  • Webroot

    Technology Integration

    Webroot, an OpenText company, was the first to harness the cloud and artificial intelligence to stop zero-day threats in real time. Webroot secures businesses and individuals worldwide with threat intelligence and protection for endpoints and networks.

    Partner website
  • Zscaler

    Technology Integration

    Zscaler accelerates digital transformation so that customers can be more agile and secure. The Zscaler Zero Trust Exchange, a SASE-based platform, is the world’s largest inline cloud security platform, protecting thousands of customers from cyberattacks and data loss by securely connecting users, devices, and applications over any network. Zscaler integrates with EclecticIQ by consuming high-confidence indicators to enforce real-time policies and ensure all users get complete protection from emerging threats and targeted attacks.

    Partner website
© 2014 – 2021 EclecticIQ B.V.