Turn the diversity of threat data into actionable intelligence

Integrate, normalize and consolidate sources of incoming cyber threat intelligence from multiple formats, both structured and unstructured, into a central intelligence repository. 

Enrich incoming information using external databases or internal databases, based on powerful rulesets to improve context.

Supported data formats include open sources, communities and commercial intelligence suppliers, as well as emails, and other unstructured sources.

Conducts triage and focus on the most important tasks

Discover the most relevant intelligence from the central intelligence repository, allowing you to focus on the day’s most pressing threats. 

Set policy-based alerts based on advanced search logic and network graph correlation matrices. 

Qualify threats based on proximity, confidence, threat level or other factors fully customizable to your own workflow and taxonomy.

Make sense of intelligence with powerful graphing capabilities and advanced search

Powerful graphing capabilities help you make sense of incoming intelligence. See clear connections between entities based on their shared characteristics, helping you to place each piece of information into the right context. 

Advanced search tools allow you to explore the full collection of intelligence in the repository. 

Pivot easily to uncover hidden correlations across multiple large datasets. 

Create structured intelligence based on observable incidents, attack patterns and other data points.

Manage structured intelligence concerning adversary tools and methods, threat actors, campaigns and courses of action; and unstructured, multi-paragraph intelligence reports.

Supported entities: Observables, Indicators, Actors, Malware, Vulnerabilities, Attack Patterns or other TTPs, Campaigns, Incidents, Courses of Action and Report.

Generate insightful reports for the right stakeholders

Write compelling reports for the key people in your organization. 

Achieve higher levels of context, clarity and urgency by attaching information and graphs directly from your sources and analysis into your reports. 

Collaborate with colleagues through secure workspaces that deliver real-time threat analyses supported with long-term trend data

Using workspaces, collaboration was never easier. Work together to track campaigns and cases. Assign a task to a colleague and reference the actual intel. No more emailing CSV’s.

Share and comment on intelligence findings. Analysts can contribute to a centralized intelligence knowledge base, produce custom intelligence, and tune and tweak indicators and observables patterns and signatures for detection and prevention.

Integrate structured intelligence into existing security controls

Improve the capabilities of enterprise detection, prevention and response systems by boosting the signal-to-noise ratio of relevant cyber threat intelligence.

Automatically deliver intelligence feeds, including Indicator of Compromise (IOC) and Indicator of Attack (IOA), into existing security controls:

• Security Information and Event Management (SIEM) from HPE ArcSight, IBM QRadar, Splunk and others
• Intrusion Detection
• End Point Protection and Monitoring
• Incident Workflow
• Native bidirectional integrations with SIEM software.

The extensive EclecticIQ Platform API enables unlimited inbound/outbound integration.

Distribute intelligence through secure channels to organizational stakeholders

Distribute intelligence reports to approved and audited recipients in the organization through granular distribution policies with easy linkages into other structured and unstructured intelligence and context in EclecticIQ Platform. Sharing of intelligence occurs through secure channels, without having to copy-and-paste into external editors.

Notifications can be delivered either from within EclecticIQ Platform, or through e-mail. 

Share intelligence with ISACs, ISAOs, interest groups and other sharing communities

Exchange intelligence with ISACs, ISAOs, industry interest groups and other sharing communities through emerging industry standards STIX and TAXII, as well as community-specific protocols, anonymized where necessary.

Maximize the value of information sharing with full support of STIX and TAXII standards

EclecticIQ is an active participant in the development of STIX and TAXII, OASIS-backed standards for sharing cyber threat intelligence data across sharing communities. Through the use of these standards, organizations enable higher levels of automation in information-sharing, leading to a smarter shared response to cyber threats.