Threat Intelligence

Our threat intel is made available through a threat intel platform (MISP), which can be accessed via web app, API, or MISP Sync. The intel can be exported to txt, csv, STIX, MISP, etc. as needed for import into your IDS, SIEM, EDR, SOAR, etc. If you require assistance with the setup in your environment, we are here to support you every step of the way.

Threat Feed

Our Threat Feed service specializes in monitoring Command and Control frameworks like Cobalt Strike, Metasploit, Sliver, Viper, Mythic, Havoc, Meterpreter, and more. Our commitment to staying at the forefront of threat intelligence means that we are constantly updating our feed by adding new frameworks as they emerge and removing obsolete ones.

This feed comprises lists of IP addresses designed for the detection of egress traffic. Additionally, as an add-on to this service, we offer IP and port combinations to enhance your threat detection capabilities.

Private Threat Briefs

This service encompasses over 50 private reports annually. These reports follow a format similar to our public reports but are more concise. In contrast to our public reports, these briefs are typically released shortly after an intrusion, sometimes even while the intrusion is still ongoing.

All Intel

Our comprehensive All Intel service includes the Threat Feed, Private Threat Briefs, exploit events, long-term infrastructure tracking, clustering, Cobalt Strike configurations, C2 domains, and a curated collection of intelligence, which includes non-public case data.

Pricing

Pricing is dependent on use. Please contact us for pricing and/or questions.