Partnerships

AlienVault

Integration Partner

The AlienVault Open Threat Exchange (OTX) is a system for sharing threat intelligence among OSSIM users and AlienVault customers.

Amazon

Integration Partner

Amazon Simple Storage Service (Amazon S3) is an object storage service that offers industry-leading scalability, data availability, security, and performance. This means customers of all sizes and industries can use it to store and protect any amount of data for a range of use cases, such as websites, mobile applications, backup and restore, archive, enterprise applications, IoT devices, and big data analytics. Amazon S3 provides easy-to-use management features so you can organize your data and configure finely-tuned access controls to meet your specific business, organizational, and compliance requirements. Amazon S3 is designed for 99.999999999% (11 9's) of durability, and stores data for millions of applications for companies all around the world.

Bitdefender

Integration Partner

The Bitdefender Advanced Threat Intelligence solution helps security professionals gain visibility into the latest threats by using up-to-date, contextual intelligence on URLs, IPs, domains, certificates, files, Command and Control servers and Advanced Persistent Threats.

BitSight

Integration Partner

AnubisNetworks Cyberfeed allows customers to obtain threat intelligence on real-time security events, with monitoring of countries, organizations and their subsidiaries.

Broadcom

Integration Partner

Leveraging the extensive Symantec Global Intelligence Network, this integration feed allows users to collect raw intelligence data making it available within EclecticIQ Platform. The feed provides a broad range of insights, covering reputation and threat intelligence data for IP, URLs, attacks, bots, cnc, malware, fraud, and phishing.

CIRCL - Computer Incident Response Center Luxembourg

Integration Partner

CIRCL Passive SSL is a database storing historical X.509 certificates seen per IP address. The Passive SSL historical data is indexed per IP address, which makes it searchable for incident handlers, security analysts or researchers. The Passive SSL enricher will retrieve domains and IP’s associated with an SSL Certificate hash.

Cisco

Integration Partner

The Cisco Umbrella API helps analysts quickly understand registration details, similar domains and potential malicious ties to observable data. With this integration, analysts can quickly discern threats and attribution intelligence from observables used in active campaigns as the cloud-based enricher provides information relating domains, IP addresses and file hashes. Combining this integration with EclecticIQ Platform enables analysts to dynamically build a repository of intelligence relating to domain activity.

Cofense

Integration Partner

Cofense PhishMe is the leading provider of human-driven phishing defense solutions worldwide. Our collective defense suite combines best-in class incident response technologies with timely attack intelligence sourced from employees. Cofense enables thousands of global organizations to stop attacks in progress faster and stay ahead of breaches.

Cognyte

Integration Partner

Cognyte is a global leader in security analytics software that empowers governments and enterprises with Actionable Intelligence for a Safer World.

CrowdStrike

Integration Partner

CrowdStrike® Falcon Insight™ eliminates silent failure by providing the highest level of real-time monitoring capabilities that span across detection, response and forensics. This ensures nothing is missed, leaving attackers with no place to hide. Falcon Insight provides organizations with state-of-the-art endpoint detection and response (EDR), following an approach recommended by top analyst firms such as Gartner.

Cybereason

Integration Partner

Using the Cyberreason Defense Platform, users are able to leverage the power of EclecticIQ Platform. Users can receive IOCs from the platform to trigger security alerts, and send sightings back to EclecticIQ Platform.

D3 Intelligence

Integration Partner

D3 Intelligence enables companies to connect their business, their technology, their people to their intelligence. We do this by leveraging the intelligence cycle - adopted from the government, refined for the private sector.

Devo

Integration Partner

Devo offers cloud-native data logging and security information and event management (SIEM) solutions. Devo products for threat detection, threat hunting, threat investigation, centralized log management, monitoring stack consolidation, and AIOps.

Digital Shadows

Integration Partner

Digital Shadows SearchLight protects against external threats, continually identifying where your assets are exposed, providing sufficient context to understand the risk, and options for remediation.

DomainTools

Integration Partner

DomainTools helps security analysts turn threat data into threat intelligence. We take indicators from your network and connect them with nearly every active domain on the Internet. Fortune 1000 companies, global government agencies, and leading security solution vendors use the DomainTools platform as a critical ingredient in their threat investigation and mitigation work.

Dragos

Integration Partner

As a leading provider of industrial control systems cybersecurity, the Dragos threat detection and response platform codifies decades of real-world experience in advanced threat analytics. It provides operational and information technology practitioners unprecedented visibility and prescriptive procedures to respond to adversaries in the industrial threat landscape. Through the integration with EclecticIQ Platform, Threat Intelligence Analysts now have access to relevant reports, Indicators, Threat Actors, TTPs and observables that Dragos provides for this unique threat landscape.

Elemendar

Integration Partner

Elemendar was founded in 2017 by Giorgos Georgopoulos and Syra Marshall at the UK’s first GCHQ/NCSC Cyber Accelerator. Their mission is to automate the processing of cyber threat intelligence to better defend organisations against cyber threats. Elemendar work with a number of world-class industry collaborators including governments, enterprise, defence organisations and the Laboratory for Analytic Sciences (LAS).

Farsight Security

Integration Partner

Farsight Security DNSDB is a Passive DNS historical database that provides a unique, fact-based, multifaceted view of the configuration of the global Internet infrastructure. DNSDB leverages the richness of Farsight’s Security Information Exchange (SIE) data-sharing platform and is engineered and operated by leading DNS experts.

FireEye

Integration Partner

FireEye iSIGHT Intelligence is a proactive, forward-looking means of qualifying threats poised to disrupt your business based on the intents, tools and tactics of the attacker. Our high-fidelity, comprehensive intelligence delivers visibility beyond the typical attack lifecycle, adding context and priority to global threats before, during and after an attack. It helps mitigate risk, bolster incident response, and enhance your overall security ecosystem

Flashpoint

Integration Partner

Flashpoint is the market leader in threat intelligence from the Deep and Dark Web. Flashpoint’s products illuminate threatening actors, relationships, behaviors, and networks.

Forcepoint

Integration Partner

An industry leader in intelligent cybersecurity, Forcepoint enables transparent comprehensive investigation with advanced analytics like machine learning and artificial intelligence that are tuned toward specific behavior risk

FS-ISAC

Integration Partner, Community Partner

The Financial Services Information Sharing and Analysis Center is the global financial industry's go to resource for cyber and physical threat intelligence analysis and sharing. FS-ISAC operates as a member-owned non profit entity. EclecticIQ is an affiliate member.

Google

Integration Partner

Google Cloud Platform provides a suite of cloud computing services, including data management, hybrid & multi-cloud, AI and ML, built to meet your business challenges.

Group-IB

Integration Partner

Group-IB is a global provider of security services and threat intelligence solutions with profound expertise providing the global security community insights into Russian-speaking cyber criminal groups and their tactics.

Hexillion

Integration Partner

The Central Ops.net integration enables analysts to investigate domains and IP addresses. This enricher provides registrant information, DNS records and more. All the information is delivered all in one report; making it much quicker and easier for the analyst. Unlike the free service, this paid account means that there is no limit on the amount of times you need to access the tool.

IBM Security

Integration Partner

IBM Security offers one of the most advanced and integrated portfolios of enterprise security products and services. The portfolio, supported by world- renowned IBM Security X-Force® research, enables organizations to effectively manage risk and defend against emerging threats. IBM operates one of the world’s broadest security research, development and delivery organizations, monitors 150 billion+ security events per day in more than 130 countries, and has been granted more than 10,000 security patents worldwide.

Infoblox

Integration Partner

Infoblox DDI is a industry-leading, integrated, and centrally managed approach to delivering enterprise-grade DDI. It uses the patented Infoblox Grid ^TM technology to ensure high availability DNS, DHCP, and IPAM services throughout your distributed network. Infoblox DDI makes it easier for you to achieve higher levels service uptime, security, and operational efficiencies across diverse infrastructure, including on-prem, cloud and hybrid deployments.

Intel 471

Integration Partner

Intel 471 provides Adversary and Malware Intelligence for leading intelligence, security and fraud teams. Adversary Intelligence is focused on infiltrating and maintaining access to closed sources where threat actors collaborate, communicate and plan cyber-attacks. Malware Intelligence leverages our underground access to provide timely data and context on malware and adversary infrastructure.

Joe Security

Integration Partner

Deep Malware Analysis for Windows, macOS, Linux, Android and iOS

Kaspersky

Integration Partner

All the knowledge acquired by Kaspersky about cyberthreats, legitimate objects and their various relationships, brought together into a single, powerful web service. Real-time search of many petabytes of threat relationship data enables highly effective incident investigations and threat hunting.

Micro Focus

Integration Partner

Micro Focus ArcSight ESM identifies and prioritize threats in real time so you can respond and remediate quickly. Correlate security logs from multiple data feeds, improve the accuracy of security alerts with complex use cases, and uncover advanced cyber attacks that previously went undetected.

Microsoft

Integration Partner

See and stop threats before they cause harm, with SIEM reinvented for a modern world. Microsoft Sentinel is your birds-eye view across the enterprise. Put the cloud and large-scale intelligence from decades of Microsoft security experience to work. Make your threat detection and response smarter and faster with artificial intelligence (AI). Eliminate security infrastructure setup and maintenance, and elastically scale to meet your security needs—while reducing IT costs.

MITRE

Integration Partner

Understanding how the adversary operates is essential to effective cyber security. CAPEC™ helps by providing a comprehensive dictionary of known patterns of attack employed by adversaries to exploit known weaknesses in cyber-enabled capabilities. It can be used by analysts, developers, testers, and educators to advance community understanding and enhance defenses.

National Institute of Standards and Technology (NIST)

Integration Partner

The National Institute of Standards and Technology (NIST) is a non-regulatory federal agency within the U.S. Department of Commerce.

NSFOCUS

Integration Partner

The integration of NSFocus Global Intelligence includes both the feed and enricher. NSFocus Threat Intelligence, with its extensive sources, provides analysts with enricher information for IP addresses, Domains, CVEs and files. The NSFocus API allows analysts to work with the security event data as a feed. The cyber threat landscape in China is larger and more complex than anywhere else. With this integration, analysts have insight into world's largest numbers of Internet-connected devices and, vast numbers of Internet users.

Palo Alto Networks

Integration Partner

Palo Alto Networks, the global cybersecurity leader, is shaping the cloud-centric future with technology that is transforming the way people and organizations operate. Our mission is to be the cybersecurity partner of choice, protecting our digital way of life. We help address the world's greatest security challenges with continuous innovation that seizes the latest breakthroughs in artificial intelligence, analytics, automation, and orchestration. By delivering an integrated platform and empowering a growing ecosystem of partners, we are at the forefront of protecting tens of thousands of organizations across clouds, networks, and mobile devices. Our vision is a world where each day is safer and more secure than the one before

Proofpoint

Integration Partner

Proofpoint Emerging Threat (ET) Intelligence delivers the most timely and accurate threat intelligence feeds to identify IPs and domains involved in suspicious and malicious activity and are easily digested by your EclecticIQ

Qualys

Integration Partner

Qualys is a pioneer and leading provider of cloud-based security and compliance solutions with over 11,000 customers in more than 130 countries, including a majority of each of the Forbes Global 100 and Fortune 100. Qualys helps organizations streamline and consolidate their security and compliance solutions in a single platform and build security into digital transformation initiatives for greater agility, better business outcomes and substantial cost savings.

Recorded Future

Integration Partner

The Recorded Future integration provides both a feed and enricher capabilities. With the feed, users have access to the Recorded Future Risk List which includes IP and file hashes, for example. The results are provided in standard STIX/TAXII protocols including TTPs and Indicators. The enricher allows users to query Domains, hashes, URLs and IP addresses.

RIPE NCC

Integration Partner

RIPEstat provides everything you ever wanted to know about IP address space, Autonomous System Numbers (ASNs), and related information for hostnames and countries in one place.

RiskIQ

Integration Partner

RiskIQ PassiveTotal overcomes the challenges in discovering and proactively blocking malicious infrastructure. Using innovative techniques and research processes, PassiveTotal provides analysts with a single view into all the data they need.

RSA Security

Integration Partner

Using the NetWitness app, RSA users are able to leverage the power of EclecticIQ Platform directly from the NetWitness interface. Users can receive IOCs from the platform to trigger security alerts, and send sightings back to EclecticIQ Platform.

Silobreaker

Integration Partner

Silobreaker helps business, security and intelligence professionals make sense of the overwhelming amount of unstructured data on the web. By providing powerful tools and visualisations that cut through the noise and analyse data from hundreds of thousands of open sources, Silobreaker makes it easy for users to monitor and research threats or opportunities.

Splunk

Integration Partner

The Splunk platform removes the barriers between data and action, empowering observability, IT and security teams to ensure their organizations are secure, resilient and innovative. Founded in 2003, Splunk is a global company — with over 7,500 employees, Splunkers have received over 1,020 patents to date and availability in 21 regions around the world — and offers an open, extensible data platform that supports shared data across any environment so that all teams in an organization can get end-to-end visibility, with context, for every interaction and business process. Build a strong data foundation with Splunk.

SpyCloud

Integration Partner

The SpyCloud integration feed helps users protect employees and customers. It provides information which can prevent account take over, fraud, IP theft and brand damage. The feed alerts users when an employee's or company's assets have been compromised.

Sumo Logic

Integration Partner

Sumo Logic empowers the people who power modern, digital business through its Continuous Intelligence Platform™. Practitioners and developers around the world rely on Sumo Logic to gain real-time analytics and insights from their cloud-native applications, helping them ensure application reliability, secure and protect against modern security threats, and gain insights into their cloud infrastructures.

VMRay

Integration Partner

Surmounting the persistent shortcomings of other DFIR tools, VMRay delivers rapid detection results and in-depth analysis reports without compromising performance or security. VMRay flexibly integrates with other systems, automating the submission of files and URLs for analysis. Precise, actionable results are returned that drive block/allow decisions and other security measures across the enterprise.