EclecticIQ Platform Integrations

EclecticIQ Platform fully integrates with essential threat intelligence providers, technical sources, enterprise IT security solutions and ISACs.

The built-in integration capabilities within EclecticIQ Platform provide enterprises with the flexibility to connect with top providers of threat intelligence and centralized sources of technical data, as well as a full range of IT security solutions deployed within the enterprise. Integration also extends to ISACs and other information-sharing groups using STIX/TAXII standards and other data formats.

Threat Intelligence Sources

Sources include proprietary and open-source providers of threat intelligence on zero-day vulnerabilities, malware signatures, fraud techniques, dark web activity, known threat actors and much more.

EclecticIQ Platform allows you to connect with leading incident response teams and high-tech crime investigators, allowing your threat analysts to work in close cooperation with cyber security specialists.

Anubis Networks

AnubisNetworks Cyberfeed allows customers to obtain threat intelligence on real-time security events, with monitoring of countries, organizations and their subsidiaries.

Cisco AMP Threat Grid

Cisco AMP Threat Grid analyzes suspicious behavior in your network against more than 450 behavioral indicators and a malware knowledge base sourced from around the world.

Exodus Intelligence

Exodus Intelligence provides clients with actionable information, capabilities, and context for proven exploitable vulnerabilities. Their world-class team of vulnerability researchers discovers hundreds of exclusive zero-day vulnerabilities, giving their clients this knowledge before adversaries find them. Their research also extends into N-day research.

FireEye iSIGHT Threat Intelligence

FireEye iSIGHT Threat Intelligence is a proactive, forward-looking means of qualifying threats poised to disrupt your business based on the intents, tools and tactics of the attacker. Our high-fidelity, comprehensive intelligence delivers visibility beyond the typical attack lifecycle, adding context and priority to global threats before, during and after an attack. It helps mitigate risk, bolster incident response, and enhance your overall security ecosystem.

Flashpoint

Flashpoint is the market leader in threat intelligence from the Deep and Dark Web. Flashpoint’s products illuminate threatening actors, relationships, behaviors, and networks.

Fox-IT InTell

InTELL tracks global criminal activity with intelligence based on actor attribution and context. Going beyond botnet and malware information, InTELL provides a global picture of trends, geographical activity, actors, their motivations and their evolving business models. Real-time contextual cyber intelligence includes global visibility on actor trends, threats and technology; tracking of risks and threats to online brands; and contextual threat feeds.

Group-IB

Group-IB is a global provider of security services and threat intelligence solutions with profound expertise providing the global security community insights into Russian-speaking cyber criminal groups and their tactics.

Intel 471

Intel 471 provides an actor-centric intelligence collection capability. Our intelligence collection focuses on infiltrating and maintaining access to closed sources where threat actors collaborate, communicate and plan cyber attacks.

Wapack Labs Threat Recon

Wapack Labs identifies cyber threats before they become attacks, providing threat detection through internet surveillance operations, data gathering, and in-depth analysis of economic, financial, and geopolitical issues.

Data Sources

Cyber security professionals rely upon several centralized data sources for information about hostnames, IP addresses, viruses, malicious domains and infrastructure. Specialized sources also supply data for industry and government in common formats, including STIX-formatted feeds.

Cisco OpenDNS / OpenResolve

Take faster action on newly discovered malicious domains by leveraging a turn-key integration between Cisco and OpenDNS. Through security automation, dwell time is reduced from hours or days to only minutes. And by gaining Internet-wide visibility in real time, you will discover more compromised systems.

Farsight Security DNSDB

Farsight Security DNSDB is a Passive DNS historical database that provides a unique, fact-based, multifaceted view of the configuration of the global Internet infrastructure. DNSDB leverages the richness of Farsight’s Security Information Exchange (SIE) data-sharing platform and is engineered and operated by leading DNS experts.

RIPEstat GeoIP / RIPEstat Whois

RIPEstat provides everything you ever wanted to know about IP address space, Autonomous System Numbers (ASNs), and related information for hostnames and countries in one place.

RiskIQ PassiveTotal

RiskIQ's PassiveTotal overcomes the challenges in discovering and proactively blocking malicious infrastructure. Using innovative techniques and research processes, PassiveTotal provides analysts with a single view into all the data they need.

VirusTotal

VirusTotal is a free service that analyzes suspicious files and URLs and facilitates the quick detection of viruses, worms, trojans, and all kinds of malware.

STIX-formatted data

Any data provided in STIX (1.0, 1.1.1, 1.2) format, including FS-ISAC and MISP feeds.

Integrations

To enable full participation in ISACs and other collaborative initiatives, EclecticIQ Platform adheres to STIX/TAXII standards for the automated sharing of threat intelligence, as well as several other generic content types and application-specific data formats.

For connectivity within the enterprise, EclecticIQ Platform integrates with IT security solutions including SIEM and IDS/IPS tools.

CTX/Soltra Edge

CTX/Soltra Edge collects threat intelligence from various sources and converts it into the open standards STIX and TAXII, revealing information that helps firms decide what actions they need to take to help users better protect their organizations against cyber threats.

HPE Security ArcSight ESM

HPE Security ArcSight ESM identifies and prioritizes threats in real time so you can respond and remediate quickly. Correlate security logs from multiple data feeds, improve the accuracy of security alerts with complex use cases, and uncover advanced cyber attacks that previously went undetected.

IBM QRadar

IBM QRadar SIEM consolidates log events and network flow data from thousands of devices, endpoints and applications distributed throughout a network. It normalizes and correlates raw data to identify security offenses, and uses an advanced Sense Analytics engine to baseline normal behavior, detect anomalies, uncover advanced threats, and remove false positives.

LogRhythm

LogRhythm unifies next-generation SIEM, log management, network and endpoint monitoring, user entity and behavior analytics (UEBA), security automation and orchestration and advanced security analytics. In addition to protecting customers from the risks associated with cyber threats, LogRhythm provides unparalleled compliance automation and assurance, and enhanced IT intelligence.

Splunk

  • Operational Intelligence optimizes your IT, security and business performance
  • Collect operational data (including logs, clickstreams, sensors, stream network traffic, web servers, custom applications, hypervisors, containers, social media and cloud services)
  • Search, monitor and analyze data to discover powerful insights for security and IT operations.
  • Understand trends, patterns of activity and behavior to make more informed decisions

Security Controls

Help your system administrators to respond faster to attempted intrusions by adding essential context to your IT security controls.

Integrate real-time threat intelligence into:

  • Snort
  • Suricata
  • Any standards-based IPS/IDS

Custom Integrations

Besides the integrations listed above, organizations can configure their own custom integration based on the following standards:

  • ArcSight CEF
  • EclecticIQ CSV
  • EclecticIQ JSON
  • Email (IMAP)
  • File system
  • FTP Push
  • HTTP Download
  • STIX 1.2
  • Syslog (UDP/TCP)
  • TAXII (Poll/Push)
  • Plain text (e.g. Snort Rules, Yara Signatures)

Resources

Discover more about how to integrate diverse sources of threat intelligence into your organization’s workflow with EclecticIQ Platform.

Accelerate Incident Response with Threat Intelligence

White paper

This paper explains how Threat Intelligence improves Incident Response (IR) and how to introduce Threat Intelligence into your IR practice - with two use cases from Fox-IT.