Overview
The platform includes a Threat Intelligence repository designed to check every event that enters the platform against known indicators, in real time and on the fly, regardless of volume, nature, data source or format. In this way it finds events and patterns linked to malicious activity (malware, intrusion attempts, DoS attacks, espionage and other threats) completely unattended, without requiring any action by SOC analysts.
This is commonly referred to in the cybersecurity industry as Actionable Threat Intelligence: intelligence designed to enable the automated detection of suspicious events and to be fed to security devices so that they can mitigate malicious connections automatically.
When the Threat Intelligence engine finds events that match known IoCs, it enriches those events with threat information before they are indexed in the Data Lake. Because the enrichment fields are the same whatever the original event's nature, format or source, analysts can build alerts, dashboards and analysis procedures over the massive volume of data indexed in the Data Lake from the point of view of the threats found, rather than handling each source's format separately. Since matching happens at ingestion time, the enrichment an event carries reflects the indicators known when that event arrived.
The Threat Intelligence repository records, in real time and from different intelligence sources, malicious activity observed on the Internet, including information-stealing botnets, intrusion attempts, spam, Deep Web activity and ransomware, among other types of malicious activity. The intelligence ingestion architecture of the Threat Intelligence repository is detailed below.
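To make the enrichment step concrete, here is an added, illustrative model of what such on-the-fly IoC matching does; it is not the platform's own code. Events from three constructed source types (proxy, DNS, firewall) with assumed field names are reduced to observables, normalised, matched against a constructed IoC table, and tagged with the same threat fields regardless of their original format, so that a single source-agnostic alert rule can run over them:

```python
"""Illustrative model of IoC-based enrichment at ingestion time.
Hypothetical example: source types, field names and indicators are
constructed for this page and are not the platform's own."""
import ipaddress
from collections import Counter

# Constructed IoC table. A real deployment would load this from
# intelligence feeds; these indicators use documentation address ranges.
IOC_TABLE = {
    "ip": {
        "198.51.100.23": {"threat": "botnet_c2", "family": "ExampleBot", "confidence": 90},
    },
    "domain": {
        "login-verify.example.net": {"threat": "phishing", "family": "credential_theft", "confidence": 75},
    },
}

# Per-source extractors map a raw event to (observable type, raw value) pairs.
# Field names are assumptions for the example; real sources differ per format.
def _proxy_observables(ev):
    yield ("ip", ev.get("dst_ip"))
    yield ("domain", ev.get("host"))

def _dns_observables(ev):
    yield ("domain", ev.get("query"))
    for ip in ev.get("answers", []):
        yield ("ip", ip)

def _firewall_observables(ev):
    yield ("ip", ev.get("src"))
    yield ("ip", ev.get("dst"))

EXTRACTORS = {"proxy": _proxy_observables, "dns": _dns_observables, "firewall": _firewall_observables}

def normalise(kind, value):
    """Canonicalise so that feed and event spellings compare equal."""
    if not value:
        return None
    if kind == "ip":
        try:
            return str(ipaddress.ip_address(value.strip()))
        except ValueError:
            return None
    if kind == "domain":
        # Case-insensitive, and drop the trailing dot DNS logs often carry.
        return value.strip().lower().rstrip(".")
    return None

def enrich(event):
    """Return a copy of the event with threat fields attached when any observable matches."""
    out = dict(event)
    extractor = EXTRACTORS.get(event.get("source"))
    if extractor is None:
        return out  # unknown source: indexed unchanged, never enriched
    matches = []
    for kind, raw in extractor(event):
        value = normalise(kind, raw)
        hit = IOC_TABLE.get(kind, {}).get(value) if value else None
        if hit:
            matches.append({"ioc_type": kind, "ioc": value, **hit})
    if matches:
        # Uniform top-level fields: alerts need no per-source logic.
        out["ti_match"] = True
        out["ti"] = matches
    return out

def enrich_stream(events):
    """Enrich every event before it would be indexed."""
    return [enrich(e) for e in events]

def alert_by_threat(enriched, min_confidence=70):
    """Source-agnostic rule over enriched fields: count matched events per threat class."""
    counts = Counter()
    for ev in enriched:
        for m in ev.get("ti", []):
            if m["confidence"] >= min_confidence:
                counts[m["threat"]] += 1
    return dict(counts)

# Constructed sample events in three different formats, plus one unknown source.
SAMPLE_EVENTS = [
    {"source": "proxy", "src_ip": "10.0.0.5", "dst_ip": "198.51.100.23", "host": "cdn.example.com"},
    {"source": "dns", "client": "10.0.0.7", "query": "Login-Verify.Example.net.", "answers": ["203.0.113.9"]},
    {"source": "firewall", "src": "10.0.0.9", "dst": "192.0.2.1", "action": "allow"},
    {"source": "firewall", "src": "198.51.100.23", "dst": "10.0.0.9", "action": "deny"},
    {"source": "unknown", "payload": "opaque"},
]

if __name__ == "__main__":
    enriched = enrich_stream(SAMPLE_EVENTS)
    for ev in enriched:
        print(ev)
    print(alert_by_threat(enriched))
```

The point to take from the model is where the work happens: normalisation and matching are done once, per event, at ingestion, and everything downstream (the alert rule here) reads only the enrichment fields. An event that arrives before its indicator is known is indexed without those fields, which is why the freshness of the intelligence feed matters as much as the matching logic.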
The malicious activity repository can be analysed from the Threat Intelligence section:
