EclecticIQ Platform Integrations

EclecticIQ Platform fully integrates with essential threat intelligence providers, technical sources, enterprise IT security solutions and ISACs.

The built-in integration capabilities within EclecticIQ Platform provide enterprises with the flexibility to connect with top providers of threat intelligence and centralized sources of technical data, as well as a full range of IT security solutions deployed within the enterprise. Integration also extends to ISACs and other information-sharing groups using STIX/TAXII standards and other data formats.

AlienVault Open Threat Exchange

Intelligence Integration

The AlienVault Open Threat Exchange (OTX) is a system for sharing threat intelligence among OSSIM users and AlienVault customers.

Anubis Networks

Intelligence Integration

AnubisNetworks Cyberfeed allows customers to obtain threat intelligence on real-time security events, with monitoring of countries, organizations and their subsidiaries.

BFK

Intelligence Integration

BFK has worked in malware analysis and incident response since 1990. It offers threat intelligence feeds, passive DNS and enrichment APIs that draw on an up-to-date collection of static and dynamic sample analyses. The company's prime focus is crimeware and APT attacks.

CAPEC

Intelligence Integration

Understanding how your adversary operates is essential to effective cyber security. CAPEC™ is a comprehensive dictionary and classification taxonomy of known attack patterns that analysts, developers, testers and educators use to advance community understanding and enhance defenses. EclecticIQ Platform can ingest the full CAPEC library, so CAPEC identifiers referenced in your intelligence resolve to their attack pattern descriptions.

Censys

Intelligence Integration

Censys is an Internet-wide scanning system and database that aims to catalogue every device and network that makes up the Internet. Censys lets researchers find specific hosts and create aggregate reports on how devices, websites and certificates are configured and deployed.

CIRCL Passive SSL

Intelligence Integration

CIRCL Passive SSL is a database of historical X.509 certificates seen per IP address. The data is indexed per IP address, which makes it searchable for incident handlers, security analysts and researchers. The Passive SSL enricher retrieves the domains and IP addresses associated with a given SSL certificate hash.

Cisco OpenDNS / OpenResolve

Intelligence Integration

Take faster action on newly discovered malicious domains by leveraging a turn-key integration between Cisco and OpenDNS. Through security automation, dwell time is reduced from hours or days to only minutes. And by gaining Internet-wide visibility in real-time, you will discover more compromised systems.

Cisco Threat Grid

Intelligence Integration

Cisco Threat Grid analyzes suspicious behavior in your network against more than 450 behavioral indicators and a malware knowledge base sourced from around the world.

Cisco Threat Grid - Curated STIX Feeds

Intelligence Integration

Threat Grid content feeds are pre-generated, curated sets of behavioural indicators that are produced in the Threat Grid Cloud infrastructure from sample analysis results. Feeds are used by organizations and partners for targeted threat intelligence, by focusing on the specific types of threats faced by particular industries.

Cisco Umbrella

Intelligence Integration

The Cisco Umbrella API helps analysts quickly understand registration details, similar domains and potential malicious ties to observable data. With this integration, analysts can quickly discern threats and attribution intelligence from observables used in active campaigns as the cloud-based enricher provides information relating domains, IP addresses and file hashes. Combining this integration with EclecticIQ Platform enables analysts to dynamically build a repository of intelligence relating to domain activity.

Cofense PhishMe

Intelligence Integration

Cofense PhishMe is a leading provider of human-driven phishing defense solutions. Its collective defense suite combines best-in-class incident response technologies with timely attack intelligence sourced from employees. Cofense enables thousands of global organizations to stop attacks in progress faster and stay ahead of breaches.

Common Vulnerabilities and Exposures (CVE)

Intelligence Integration

Enrich intelligence with exploit target information from the standard source of vulnerabilities and exposures, the MITRE Corporation's CVE list.

The enricher and feed use the Computer Incident Response Center Luxembourg (CIRCL) cve-search API to retrieve all available details for a CVE identifier.

CrowdStrike Falcon Intelligence

Intelligence Integration

CrowdStrike is a global leader in cloud-delivered next-generation endpoint protection. With a single lightweight agent it unifies next-generation antivirus (machine learning and behavioral analytics), endpoint detection and response (EDR) and a 24/7 managed hunting service. Falcon Intelligence™ is a cost-effective program tailored to each company's needs and requirements that addresses the legal and technical aspects of preventing harm from a cyberattack.

CTX/Soltra Edge

Technology Integration

CTX/Soltra Edge collects threat intelligence from various sources and converts it into open standards STIX and TAXII, revealing information that helps firms make decisions on what actions they need to take to help users better protect their organizations against cyber threats.

Custom Integrations

Technology Integration

Besides the integrations listed above, organizations can configure their own custom integration based on the following standards:

  • ArcSight CEF
  • EclecticIQ CSV
  • EclecticIQ JSON
  • Email (IMAP)
  • File system
  • FTP Push
  • HTTP Download
  • STIX 1.2
  • Syslog (UDP/TCP)
  • TAXII (Poll/Push)
  • Plain text (e.g. Snort rules, YARA signatures)

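
Of the formats above, ArcSight CEF over syslog is the one most often wired up by hand, and it is also the one most often parsed wrong. As an added example (not EclecticIQ's own CEF connector), the Python below parses CEF events as they arrive on a syslog listener and lifts the address, host and hash fields out as observables. The sample lines are constructed, and the output dict layout is an illustrative assumption rather than the platform's JSON schema. The parser handles the two escaping rules that break naive `split()` code: `\|` inside header fields and `\=` inside extension values, and it refuses to promote a malformed IP or hash into an indicator.

```python
import ipaddress
import re
from typing import Dict, List

# CEF:Version|Device Vendor|Device Product|Device Version|Signature ID|Name|Severity|Extension
HEADER_FIELDS = ("cef_version", "device_vendor", "device_product",
                 "device_version", "signature_id", "name", "severity")

# A new extension key starts at an unescaped "key=" that follows whitespace (or
# the start of the extension). "\=" inside a value is preceded by a backslash,
# which is not a key character, so it never starts a key.
_KEY_RE = re.compile(r"(?:^|(?<=\s))([A-Za-z0-9_.\-]+)=")

# Extension keys that carry observables, and the generic type assigned to each.
_OBSERVABLE_KEYS = {"src": "ip", "dst": "ip", "shost": "host",
                    "dhost": "host", "request": "url", "fileHash": "hash"}
_HASH_TYPES = {32: "md5", 40: "sha1", 64: "sha256"}

# Constructed sample events (not real sensor output); note the escaped "|"
# in the second vendor field and the escaped "=" and "\" in the first message.
SAMPLE_LINES = [
    r"Jan 18 11:07:53 sensor01 CEF:0|Security|threatmanager|1.0|100|worm successfully stopped|10|"
    r"src=10.0.0.1 dst=203.0.113.5 spt=1232 dhost=malware-c2.example "
    r"msg=Blocked outbound C2\=beacon cs1Label=rule cs1=bad\\ws",
    r"CEF:0|Vendor\|Inc|Product|2.1|42|Suspicious file|7|"
    r"fileHash=e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 fname=evil.exe",
]


def _unescape(text: str, specials: str) -> str:
    """Resolve backslash escapes in one pass; \\n and \\r become line breaks."""
    out, i = [], 0
    while i < len(text):
        if text[i] == "\\" and i + 1 < len(text) and text[i + 1] in specials:
            out.append({"n": "\n", "r": "\r"}.get(text[i + 1], text[i + 1]))
            i += 2
        else:
            out.append(text[i])
            i += 1
    return "".join(out)


def _split_header(body: str):
    """Split on the first seven unescaped '|'; whatever follows is the extension."""
    fields, cur, i = [], [], 0
    while i < len(body) and len(fields) < len(HEADER_FIELDS):
        ch = body[i]
        if ch == "\\" and i + 1 < len(body) and body[i + 1] in "|\\":
            cur.append(body[i + 1])
            i += 2
        elif ch == "|":
            fields.append("".join(cur))
            cur, i = [], i + 1
        else:
            cur.append(ch)
            i += 1
    if len(fields) < len(HEADER_FIELDS):
        raise ValueError("CEF header has fewer than seven fields")
    return fields, body[i:]


def parse_cef(line: str) -> Dict[str, object]:
    """Parse one syslog line carrying a CEF event into header fields plus an extension dict."""
    start = line.find("CEF:")
    if start < 0:
        raise ValueError("no CEF payload in line")
    fields, ext = _split_header(line[start + 4:])
    record: Dict[str, object] = dict(zip(HEADER_FIELDS, fields))
    keys = list(_KEY_RE.finditer(ext))
    extension = {}
    for n, m in enumerate(keys):
        end = keys[n + 1].start() if n + 1 < len(keys) else len(ext)
        extension[m.group(1)] = _unescape(ext[m.end():end].strip(), "=\\nr")
    record["extension"] = extension
    return record


def extract_observables(record: Dict[str, object]) -> List[Dict[str, str]]:
    """Lift validated observables out of the extension; malformed values are dropped."""
    ext, found = record["extension"], []
    for key, kind in _OBSERVABLE_KEYS.items():
        value = ext.get(key)
        if not value:
            continue
        if kind == "ip":
            try:
                kind = f"ipv{ipaddress.ip_address(value).version}"
            except ValueError:
                continue  # sensor bug or tampering: never promote garbage to an IOC
        elif kind == "hash":
            value = value.lower()
            if len(value) not in _HASH_TYPES or not re.fullmatch(r"[0-9a-f]+", value):
                continue
            kind = _HASH_TYPES[len(value)]
        found.append({"type": kind, "value": value, "signature_id": record["signature_id"]})
    return found
```

Run over the first sample line, `parse_cef` returns the seven header fields plus an extension in which `msg` reads `Blocked outbound C2=beacon` and `cs1` reads `bad\ws`; `extract_observables` then yields the two IPv4 addresses and the destination host, carrying the signature ID so the resulting indicator can be traced back to the rule that fired.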
DHS AIS

Intelligence Integration

The Department of Homeland Security’s (DHS) free Automated Indicator Sharing (AIS) capability enables the exchange of cyber threat indicators between the Federal Government and the private sector at machine speed.

DomainTools

Intelligence Integration

DomainTools helps security analysts turn threat data into threat intelligence by connecting indicators from your network with nearly every active domain on the Internet. Fortune 1000 companies, global government agencies and leading security solution vendors use the DomainTools platform as a critical ingredient in their threat investigation and mitigation work.

EclecticIQ CTI Clipboard

Apps And Browser Extension

With EclecticIQ CTI Clipboard, users can stay in their browser (Google Chrome) when copying/pasting information. Users are able to focus on the investigation at hand, without the need to switch between tabs/platforms. This time saving application allows users to create indicators within the CTI Clipboard extension itself, which are directly taken into EclecticIQ Platform.

Visit the Chrome Web Store

Exodus Intelligence

Intelligence Integration

Exodus Intelligence provides clients with actionable information, capabilities and context for proven exploitable vulnerabilities. Its team of vulnerability researchers discovers hundreds of exclusive zero-day vulnerabilities, giving clients this knowledge before adversaries find them. The research also extends to N-day vulnerabilities.

Farsight Security DNSDB

Intelligence Integration

Farsight Security DNSDB is a Passive DNS historical database that provides a unique, fact-based, multifaceted view of the configuration of the global Internet infrastructure. DNSDB leverages the richness of Farsight’s Security Information Exchange (SIE) data-sharing platform and is engineered and operated by leading DNS experts.

FireEye iSIGHT Intelligence

Intelligence Integration

FireEye iSIGHT Intelligence is a proactive, forward-looking means of qualifying threats poised to disrupt your business based on the intents, tools and tactics of the attacker. Our high-fidelity, comprehensive intelligence delivers visibility beyond the typical attack lifecycle, adding context and priority to global threats before, during and after an attack. It helps mitigate risk, bolster incident response, and enhance your overall security ecosystem.

Flashpoint

Intelligence Integration

Flashpoint is the market leader in threat intelligence from the Deep and Dark Web. Flashpoint’s products illuminate threatening actors, relationships, behaviors, and networks.

Fox-IT InTELL

Intelligence Integration

InTELL tracks global criminal activity with intelligence based on actor attribution and context. Going beyond botnet & malware information, InTELL provides a global picture of trends, geographical activity, actors, their motivations and their evolving business models. Real-time contextual cyber intelligence includes global visibility on actor trends, threats and technology; tracking of risks and threats to online brands; and contextual threat feeds.

Group-IB

Intelligence Integration

Group-IB is a global provider of security services and threat intelligence solutions with profound expertise providing the global security community insights into Russian-speaking cyber criminal groups and their tactics.

Hexillion Central Ops

Intelligence Integration

The CentralOps.net integration enables analysts to investigate domains and IP addresses. The enricher provides registrant information, DNS records and more, delivered in a single report, which makes the analyst's work quicker and easier. Unlike the free service, the paid account places no limit on the number of queries.

HPE Security ArcSight ESM

Technology Integration

HPE Security ArcSight ESM identifies and prioritizes threats in real time so you can respond and remediate quickly. It correlates security logs from multiple data feeds, improves the accuracy of security alerts with complex use cases, and uncovers advanced cyber attacks that previously went undetected.

More on the ArcSight integration

IBM QRadar

Technology Integration

IBM QRadar SIEM consolidates log events and network flow data from thousands of devices, endpoints and applications distributed throughout a network. It normalizes and correlates raw data to identify security offenses, and uses an advanced Sense Analytics engine to baseline normal behavior, detect anomalies, uncover advanced threats, and remove false positives.

IBM X-Force Exchange

Intelligence Integration

IBM X-Force Exchange is a collaborative threat intelligence sharing platform that helps security analysts consume, share, and act on threat insights – backed by the reputation and scale of the IBM X-Force research team.

Intel 471

Intelligence Integration

Intel 471 provides an actor-centric intelligence collection capability. Its collection focuses on infiltrating and maintaining access to the closed sources where threat actors collaborate, communicate and plan cyber attacks.

LogRhythm

Technology Integration

LogRhythm unifies next-generation SIEM, log management, network and endpoint monitoring, user entity and behavior analytics (UEBA), security automation and orchestration and advanced security analytics. In addition to protecting customers from the risks associated with cyber threats, LogRhythm provides unparalleled compliance automation and assurance, and enhanced IT intelligence.

MaxMind GeoIP

Intelligence Integration

MaxMind is an industry-leading provider of IP intelligence. EclecticIQ Platform users can leverage its GeoIP databases to enrich IP feeds with geolocation context.

McAfee TIE

Intelligence Integration

McAfee Threat Intelligence Exchange (TIE) acts as a broker that combines intelligence from local security solutions. With this integration, EclecticIQ Platform users can query McAfee TIE and ingest and leverage this intelligence in their threat analysis workflows.

MISP

Intelligence Integration

MISP is an open source platform that allows for easy IOC sharing among distinct organizations. With this MISP integration, threat analysts can ingest the IOCs they receive from MISP and apply their threat investigation and dissemination workflows right from EclecticIQ Platform.

NCSC UK CiSP

Intelligence Integration

The Cyber Security Information Sharing Partnership (CiSP) is a joint industry and government initiative set up by the UK National Cyber Security Centre (NCSC) to exchange cyber threat information in real time in a secure, confidential and dynamic environment, increasing situational awareness and reducing the impact of cyber threats on UK business.

NSFocus

Intelligence Integration

The NSFocus Global Intelligence integration includes both a feed and an enricher. NSFocus Threat Intelligence, with its extensive sources, provides enrichment for IP addresses, domains, CVEs and files, and the NSFocus API delivers security event data as a feed. The cyber threat landscape in China is larger and more complex than anywhere else; this integration gives analysts insight into the world's largest population of Internet-connected devices and Internet users.

Palo Alto Autofocus

Intelligence Integration

Gain visibility into the most critical threats with contextual intelligence on malware families, campaigns, threat actors, malicious behaviors and exploits used. AutoFocus allows you to answer questions like: “Who is attacking me?” “What tools are they using?” and “How targeted or unique is this threat?”.

Recorded Future

Intelligence Integration

The Recorded Future integration provides both feed and enricher capabilities. The feed gives access to the Recorded Future Risk Lists, which include, for example, IP addresses and file hashes; results are delivered as STIX over TAXII, including TTPs and Indicators. The enricher lets users query domains, hashes, URLs and IP addresses.

RIPEstat GeoIP / RIPEstat Whois

Intelligence Integration

RIPEstat provides everything you ever wanted to know about IP address space, Autonomous System Numbers (ASNs), and related information for hostnames and countries in one place.

RiskIQ PassiveTotal

Intelligence Integration

RiskIQ PassiveTotal overcomes the challenges in discovering and proactively blocking malicious infrastructure. Using innovative techniques and research processes, PassiveTotal provides analysts with a single view into all the data they need.

Security Controls

Technology Integration

Help your system administrators respond faster to attempted intrusions by adding essential context to your IT security controls.

Integrate real-time threat intelligence into:

  • Snort
  • Suricata
  • Any standards-based IPS/IDS

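
Pushing indicators into an IDS means generating rule text from data you did not write. As an added example rather than the platform's own outbound IDS feed, the Python below turns a handful of observables into Suricata rules; the `dns.query`, `bsize` and `filesha256` keywords are Suricata's, so the DNS and file-hash rules need adjusting for Snort 2. The observables, the local SID range and the `ti-sha256.list` filename are constructed assumptions. The part worth copying is the validation step: a feed value such as `evil.example"; pass ip any any -> any any (sid:1;` would otherwise close the `content:` string and inject its own rule options, so every value is checked against a strict grammar before it is interpolated, and SIDs are derived from the indicator so that re-running the export keeps them stable.

```python
import hashlib
import ipaddress
import re
from typing import Dict, List, Optional, Set, Tuple

# Assumed local SID range (local rules conventionally live above 1,000,000;
# keep clear of the ET/VRT ranges you already load).
SID_BASE, SID_RANGE = 9_000_000, 100_000

# Hostname grammar: letters, digits and hyphens in labels, 253 chars max.
# Anything else (quotes, ';', spaces, '|') is rejected so a feed value can
# never terminate the content: match and smuggle in extra rule options.
_DOMAIN_RE = re.compile(
    r"^(?=.{1,253}$)(?!-)[a-z0-9-]{1,63}(?<!-)(?:\.(?!-)[a-z0-9-]{1,63}(?<!-))+$")

# Constructed feed content (not real intelligence): two valid entries, two
# that must be rejected, and one file hash.
SAMPLE_OBSERVABLES = [
    {"type": "ipv4", "value": "203.0.113.5"},
    {"type": "domain", "value": "Malware-C2.example."},
    {"type": "domain", "value": 'evil.example"; pass ip any any -> any any (sid:1;'},
    {"type": "ipv4", "value": "203.0.113.999"},
    {"type": "sha256", "value": "E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855"},
]


def _validate(obs: Dict[str, str]) -> Optional[Tuple[str, str]]:
    """Normalise one observable, or return None if it is not safe to emit."""
    kind, value = obs.get("type", ""), str(obs.get("value", "")).strip()
    if kind in ("ipv4", "ipv6"):
        try:
            addr = ipaddress.ip_address(value)
        except ValueError:
            return None
        return f"ipv{addr.version}", str(addr)
    if kind == "domain":
        value = value.lower().rstrip(".")
        return ("domain", value) if _DOMAIN_RE.match(value) else None
    if kind == "sha256" and re.fullmatch(r"[0-9a-fA-F]{64}", value):
        return "sha256", value.lower()
    return None


def _sid_for(key: str, taken: Set[int]) -> int:
    """Stable SID derived from the indicator, so re-runs keep the same SID;
    linear probing resolves collisions inside the range."""
    h = int(hashlib.sha256(key.encode()).hexdigest(), 16) % SID_RANGE
    for probe in range(SID_RANGE):
        sid = SID_BASE + (h + probe) % SID_RANGE
        if sid not in taken:
            taken.add(sid)
            return sid
    raise RuntimeError("SID range exhausted")


def build_rules(observables: List[Dict[str, str]], rev: int = 1) -> Dict[str, list]:
    """Return Suricata rules, a sha256 list for filesha256, and the rejected entries."""
    rules, hashes, rejected, taken = [], [], [], set()
    for obs in observables:
        checked = _validate(obs)
        if checked is None:
            rejected.append(obs)
            continue
        kind, value = checked
        if kind == "sha256":
            hashes.append(value)
            continue
        sid = _sid_for(f"{kind}:{value}", taken)
        if kind == "domain":
            # Exact match on the queried name: bsize pins the buffer length so
            # "notmalware-c2.example" does not alert.
            rules.append(
                f'alert dns $HOME_NET any -> any any (msg:"TI domain {value}"; '
                f'dns.query; content:"{value}"; nocase; bsize:{len(value)}; '
                f'metadata:source eclecticiq, type domain; sid:{sid}; rev:{rev};)')
        else:
            target = f"[{value}]" if kind == "ipv6" else value
            rules.append(
                f'alert ip $HOME_NET any -> {target} any (msg:"TI {kind} {value}"; '
                f'metadata:source eclecticiq, type {kind}; sid:{sid}; rev:{rev};)')
    if hashes:
        sid = _sid_for("filesha256:ti-sha256.list", taken)
        rules.append(
            'alert http any any -> any any (msg:"TI sha256 list match"; '
            f'filesha256:ti-sha256.list; filestore; sid:{sid}; rev:{rev};)')
    return {"rules": rules, "sha256_list": hashes, "rejected": rejected}


if __name__ == "__main__":
    result = build_rules(SAMPLE_OBSERVABLES)
    print("\n".join(result["rules"]))
    print("rejected:", result["rejected"])
```

`build_rules` writes the hashes to a separate list rather than into rule text, because Suricata's `filesha256` keyword takes a filename of one hash per line; write `result["sha256_list"]` to `ti-sha256.list` next to the rules file. Anything that lands in `rejected` should be logged and reviewed, not silently dropped: a feed that starts sending unparseable values is either broken or being tampered with.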
Shodan

Intelligence Integration

Shodan is the world's first search engine for Internet-connected devices. The Shodan enricher takes a wealth of input observable types to help you discover which of your devices are connected to the Internet, where they are located, and who is using them.

Splunk

Technology Integration

  • Operational intelligence that optimizes your IT, security and business performance
  • Collect operational data, including logs, clickstreams, sensors, streaming network traffic, web servers, custom applications, hypervisors, containers, social media and cloud services
  • Search, monitor and analyze data to discover insights for security and IT operations
  • Understand trends, patterns of activity and behavior to make more informed decisions

More on the Splunk app

SpyCloud

Intelligence Integration

The SpyCloud feed helps users protect employees and customers. It provides information that can prevent account takeover, fraud, IP theft and brand damage, and alerts users when an employee's or the company's assets have been compromised.

STIX-formatted data

Intelligence Integration

Any data provided in STIX (1.0, 1.1.1, 1.2) format, including FS-ISAC and MISP feeds.
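
The STIX 1.x versions listed above arrive either as a TAXII poll response or as files dropped on the file system, and both contain the same XML package. As an added example (not the platform's own STIX ingest), the Python below walks a STIX 1.2 package and flattens each indicator's CybOX observables into plain type/value pairs; the package is constructed for the example and its ids and titles are made up. Two details bite real feeds: an `Observable_Composition` nests observables one level deeper than a simple indicator does, and a list-valued property arrives as a single `##comma##`-delimited string. Because the XML comes from a third party, production code should parse it with `defusedxml` rather than the stdlib parser used here.

```python
import xml.etree.ElementTree as ET  # swap in defusedxml.ElementTree for untrusted feeds
from typing import Dict, List

# STIX 1.x / CybOX 2.x namespaces used by the package below.
NS = {
    "stix": "http://stix.mitre.org/stix-1",
    "indicator": "http://stix.mitre.org/Indicator-2",
    "cybox": "http://cybox.mitre.org/cybox-2",
    "cyboxCommon": "http://cybox.mitre.org/common-2",
    "AddressObj": "http://cybox.mitre.org/objects#AddressObject-2",
    "DomainNameObj": "http://cybox.mitre.org/objects#DomainNameObject-1",
    "FileObj": "http://cybox.mitre.org/objects#FileObject-2",
    "xsi": "http://www.w3.org/2001/XMLSchema-instance",
}
XSI_TYPE = "{%s}type" % NS["xsi"]

# Constructed package (ids and titles are made up): indicator-1 is an OR
# composition of an address list and a domain, indicator-2 is a file hash.
SAMPLE_PACKAGE = """<stix:STIX_Package version="1.2" id="example:package-1"
    xmlns:stix="http://stix.mitre.org/stix-1" xmlns:indicator="http://stix.mitre.org/Indicator-2"
    xmlns:cybox="http://cybox.mitre.org/cybox-2" xmlns:cyboxCommon="http://cybox.mitre.org/common-2"
    xmlns:AddressObj="http://cybox.mitre.org/objects#AddressObject-2"
    xmlns:DomainNameObj="http://cybox.mitre.org/objects#DomainNameObject-1"
    xmlns:FileObj="http://cybox.mitre.org/objects#FileObject-2"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <stix:Indicators>
    <stix:Indicator id="example:indicator-1" xsi:type="indicator:IndicatorType">
      <indicator:Title>C2 infrastructure</indicator:Title>
      <indicator:Observable id="example:observable-1">
        <cybox:Observable_Composition operator="OR">
          <cybox:Observable><cybox:Object>
            <cybox:Properties xsi:type="AddressObj:AddressObjectType" category="ipv4-addr">
              <AddressObj:Address_Value condition="Equals" apply_condition="ANY">203.0.113.5##comma##203.0.113.6</AddressObj:Address_Value>
            </cybox:Properties>
          </cybox:Object></cybox:Observable>
          <cybox:Observable><cybox:Object>
            <cybox:Properties xsi:type="DomainNameObj:DomainNameObjectType" type="FQDN">
              <DomainNameObj:Value condition="Equals">malware-c2.example</DomainNameObj:Value>
            </cybox:Properties>
          </cybox:Object></cybox:Observable>
        </cybox:Observable_Composition>
      </indicator:Observable>
    </stix:Indicator>
    <stix:Indicator id="example:indicator-2" xsi:type="indicator:IndicatorType">
      <indicator:Title>Dropper sample</indicator:Title>
      <indicator:Observable id="example:observable-2"><cybox:Object>
        <cybox:Properties xsi:type="FileObj:FileObjectType">
          <FileObj:Hashes><cyboxCommon:Hash>
            <cyboxCommon:Type condition="Equals">SHA256</cyboxCommon:Type>
            <cyboxCommon:Simple_Hash_Value condition="Equals">e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855</cyboxCommon:Simple_Hash_Value>
          </cyboxCommon:Hash></FileObj:Hashes>
        </cybox:Properties>
      </cybox:Object></indicator:Observable>
    </stix:Indicator>
  </stix:Indicators>
</stix:STIX_Package>"""


def _values(text) -> List[str]:
    """CybOX packs list-valued properties into one '##comma##'-delimited string."""
    return [v.strip() for v in (text or "").split("##comma##") if v.strip()]


def _from_properties(props) -> List[Dict[str, str]]:
    """Map one cybox:Properties element to zero or more type/value observables."""
    xsi_type, found = props.get(XSI_TYPE, ""), []
    if xsi_type.endswith("AddressObjectType"):
        kind = props.get("category", "ipv4-addr")
        for el in props.findall("AddressObj:Address_Value", NS):
            found += [{"type": kind, "value": v} for v in _values(el.text)]
    elif xsi_type.endswith("DomainNameObjectType"):
        for el in props.findall("DomainNameObj:Value", NS):
            found += [{"type": "domain", "value": v} for v in _values(el.text)]
    elif xsi_type.endswith("FileObjectType"):
        for h in props.findall("FileObj:Hashes/cyboxCommon:Hash", NS):
            htype = h.findtext("cyboxCommon:Type", default="", namespaces=NS).strip().lower()
            hval = h.findtext("cyboxCommon:Simple_Hash_Value", default="", namespaces=NS).strip()
            if htype and hval:
                found.append({"type": htype, "value": hval.lower()})
    return found


def parse_stix_package(xml_text: str) -> List[Dict[str, object]]:
    """Return [{id, title, observables}] for every indicator in a STIX 1.x package."""
    root = ET.fromstring(xml_text)
    if root.get("version") not in ("1.0", "1.0.1", "1.1", "1.1.1", "1.2"):
        raise ValueError("unsupported or missing STIX version %r" % root.get("version"))
    indicators = []
    for ind in root.findall("stix:Indicators/stix:Indicator", NS):
        observables = []
        for obs in ind.findall("indicator:Observable", NS):
            # iter() descends through Observable_Composition, so nested
            # OR/AND groups are flattened into one list per indicator.
            for props in obs.iter("{%s}Properties" % NS["cybox"]):
                observables.extend(_from_properties(props))
        indicators.append({"id": ind.get("id"),
                           "title": ind.findtext("indicator:Title", default="", namespaces=NS),
                           "observables": observables})
    return indicators
```

Flattening a composition discards its `operator`; that is fine for building a watchlist, but an indicator whose observables are joined by AND expresses a conjunction and, if the relationship matters to downstream detection, the operator should be carried through rather than dropped as it is here.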

Symantec DeepSight Intelligence Datafeeds

Intelligence Integration

Leveraging the extensive Symantec Global Intelligence Network, this feed collects raw intelligence data and makes it available within EclecticIQ Platform. It provides a broad range of insights, covering reputation and threat intelligence data for IP addresses, URLs, attacks, bots, command-and-control servers, malware, fraud and phishing.

ThreatCrowd

Intelligence Integration

ThreatCrowd is an open source system for finding and researching artefacts relating to cyber threats, using information obtained by crawling various open source resources, including VirusTotal and Malwr.

VirusTotal Private Mass API

Intelligence Integration

With VirusTotal, users can analyze suspicious files and URLs and quickly identify viruses, worms, trojans and other malware. Integrating VirusTotal means users do not need to leave EclecticIQ Platform, which saves time and reduces the number of tools open at once. The integration supports the premium service for feeds and enrichers, and the free service for enrichers. VirusTotal gives users condensed, ingestible and corroborable information.

Wapack Labs Threat Recon

Intelligence Integration

Wapack Labs identifies cyber threats before they become attacks, providing threat detection through internet surveillance operations, data gathering, and in-depth analysis of economic, financial, and geopolitical issues.


Discover more about how to integrate diverse sources of threat intelligence into your organization’s workflow with EclecticIQ Platform.

PhishMe Intelligence and EclecticIQ Platform

Solutions Brief

With PhishMe Intelligence and EclecticIQ Platform, security teams have unobstructed views into credible phishing threats leading to higher confidence in the action based on the indicators.

Download Solutions Brief

Accelerate Incident Response with Threat Intelligence

White paper

This paper explains how Threat Intelligence improves Incident Response (IR) and how to introduce Threat Intelligence into your IR practice - with two use cases from Fox-IT.

Download White Paper

More about EclecticIQ Platform