Workflow in EclecticIQ Platform

EclecticIQ Platform delivers well-tested workflows to support the primary activities required by analysts.


Gather relevant intelligence

  • Capture incoming intelligence
  • Conduct triage

Empower analysts

  • Graph with advanced search
  • Collaborate with colleagues
  • Generate insightful reports
  • Create structured intelligence

Integrate threat intelligence into the enterprise

  • Distribute to stakeholders
  • Automate feeds into security controls

Participate in the broader intelligence community

  • Share with communities
  • Support STIX and TAXII standards

EclecticIQ Platform Workflow includes support for a complete range of operational use cases for analysts working within Threat Intelligence practices at enterprises in high-risk industries. Designed for the real-world activities of cyber threat intelligence analysts, EclecticIQ Platform provides a core set of workflows within a single collaborative workspace.

Using these workflows, analysts within Security Operations Centers (SOCs), Computer Emergency Response Teams (CERTs), Fusion Centers, Intelligence Teams and Threat Hunting Teams can quickly discern actionable and relevant intelligence, collaborate with other analysts, update enterprise security controls and share information with external communities.

Gather relevant intelligence

Turn the diversity of threat data into actionable intelligence

Integrate, normalize and consolidate sources of incoming cyber threat intelligence from multiple formats, both structured and unstructured, into a central intelligence repository.

Enrich incoming information using external or internal databases, driven by powerful rulesets that add context.

Supported sources include open sources, communities and commercial intelligence suppliers, as well as emails and other unstructured sources.

Conduct triage and focus on the most important tasks

Discover the most relevant intelligence from the central intelligence repository, allowing you to focus on the day's most pressing threats.

Set policy-based alerts based on advanced search logic and network graph correlation matrices.

Qualify threats based on proximity, confidence, threat level or other factors, fully customizable to your own workflow and taxonomy.

Empower Analysts

Make sense of intelligence with powerful graphing capabilities and advanced search

Powerful graphing capabilities help you make sense of incoming intelligence. See clear connections between entities based on their shared characteristics, helping you to place each piece of information into the right context.

Advanced search tools allow you to explore the full collection of intelligence in the repository.

Pivot easily to uncover hidden correlations across multiple large datasets.

Create structured intelligence based on observable incidents, attack patterns and other data points.

Manage structured intelligence concerning adversary tools and methods, threat actors, campaigns and courses of action; and unstructured, multi-paragraph intelligence reports.

Supported entities: Observables, Indicators, Actors, Malware, Vulnerabilities, Attack Patterns or other TTPs, Campaigns, Incidents, Courses of Action and Reports.

Generate insightful reports for the right stakeholders

Write compelling reports for the key people in your organization.

Achieve higher levels of context, clarity and urgency by attaching information and graphs directly from your sources and analysis into your reports.

Collaborate with colleagues through secure workspaces that deliver real-time threat analyses supported with long-term trend data

With workspaces, collaboration has never been easier. Work together to track campaigns and cases. Assign a task to a colleague and reference the actual intel. No more emailing CSVs.

Share and comment on intelligence findings. Analysts can contribute to a centralized intelligence knowledge base, produce custom intelligence, and tune indicator and observable patterns and signatures for detection and prevention.

Integrate cyber security into the enterprise

Integrate structured intelligence into existing security controls

Improve the capabilities of enterprise detection, prevention and response systems by boosting the signal-to-noise ratio of relevant cyber threat intelligence.

Automatically deliver intelligence feeds, including Indicators of Compromise (IOCs) and Indicators of Attack (IOAs), into existing security controls:

  • Security Information and Event Management (SIEM) from HPE ArcSight, IBM QRadar, Splunk and others
  • Intrusion Detection
  • Endpoint Protection and Monitoring
  • Incident Workflow
  • Native bidirectional integrations with SIEM software

The extensive EclecticIQ Platform API enables unlimited inbound/outbound integration.

Distribute intelligence through secure channels to organizational stakeholders

Distribute intelligence reports to approved and audited recipients in the organization through granular distribution policies with easy linkages into other structured and unstructured intelligence and context in the platform. Sharing of intelligence occurs through secure channels, without having to copy-and-paste into external editors.

Notifications can be delivered either from within EclecticIQ Platform, or through e-mail.

Participate in the broader intelligence community

Share intelligence with ISACs, ISAOs, interest groups and other sharing communities

Exchange intelligence with ISACs, ISAOs, industry interest groups and other sharing communities through the emerging industry standards STIX and TAXII, as well as community-specific protocols, anonymized where necessary.

Maximize the value of information sharing with full support of STIX and TAXII standards

EclecticIQ is an active participant in the development of STIX and TAXII, OASIS-backed standards for sharing cyber threat intelligence data across sharing communities. Through the use of these standards, organizations enable higher levels of automation in information-sharing, leading to a smarter shared response to cyber threats.


Resources

Case study: Triage & Collaboration: Improving a major bank's cyber threat security posture

Learn how a major bank implemented a single Threat Intelligence Platform (TIP) to support multiple lines of business across its global footprint.

White paper: Accelerate Incident Response with Threat Intelligence

This paper explains how Threat Intelligence improves Incident Response (IR) and how to introduce it into your IR practice. It includes two use cases from Fox-IT.
