Sterling, VA (PRWEB)
June 19, 2017
SurfWatch Labs, a provider of cyber threat intelligence solutions, announces the general availability of STIX/TAXII 2 formatted IOCs delivered via the SurfWatch Analytics API. With this tactical threat data added to SurfWatch Labs’ external threat intel feed, customers can now view the same IOCs that the SurfWatch analyst team researches when analyzing either active cyber threats or an actor’s tactics, techniques, and practices (TTPs). Using the STIX/TAXII format enables simple integration with most SIEM platforms.
Examples of IOCs included in SurfWatch Analytics API are IP blacklists, URL blacklists, malware signatures, and leaked account credentials found in campaigns such as phishing, ransomware and advanced persistent threats (APTs). Additionally, SurfWatch Labs has become a Splunk Technology Alliance Partner (TAP) and the SurfWatch Analytics API is now pre-configured to seamlessly integrate with Splunk.
“With this latest release, our strategic and operational threat intelligence can be easily ingested into an organization’s SIEM and flag logs where an IOC is detected to raise a relevant alert,” said Chip Hathaway, VP of Delivery, SurfWatch Labs. “This allows SurfWatch customers to further operationalize the evaluated external intelligence we provide by directly tying it into their SOC.”
The SurfWatch Analytics API continuously collects, standardizes and analyzes cyber-related information from social media, news sites, blogs, phishing…