Threat Intelligence Platforms
Own feed providers / feed prep analytics centers
AvaliableN/AAvaliableAvaliable
Normalization, feed deduplication
AvaliableAvaliableAvaliableAvaliable
Number of feed suppliers out of the box
100+20-100100+100+
CSV files
AvaliableAvaliableAvaliableAvaliable
JSON files
AvaliableAvaliableAvaliableAvaliable
HTTP-feed
AvaliableAvaliableAvaliableN/A
Email
AvaliableAvaliableAvaliableAvaliable
STIX / TAXII Standards Support
AvaliableAvaliableAvaliableAvaliable
Unstructured text data
AvaliableN/AAvaliableAvaliable
The ability to enrich data from external sources (for example, WHOis, PassiveDNS, VirusTotal, etc.)
AvaliableAvaliableAvaliableAvaliable
Connecting additional feed providers
AvaliableAvaliableAvaliableAvaliable
Search for matches in SIEM events
AvaliableAvaliableAvaliableAvaliable
Direct incident response through integration with third-party information security systems
AvaliableAvaliableAvaliableAvaliable
Responding to incidents using complex algorithms (playbooks)
N/AN/AAvaliableAvaliable
REST API Integration Capability
AvaliableAvaliableAvaliableAvaliable
Manual adjustment of “weight” parameters for feed’s
AvaliableN/AN/AAvaliable
Ability to build a graph of links between feed’s objects and internal artifacts
AvaliableAvaliableN/AAvaliable
Threat Intelligence Platforms
Own feed providers / feed prep analytics centers
Normalization, feed deduplication
Number of feed suppliers out of the box
CSV files
JSON files
HTTP-feed
Email
STIX / TAXII Standards Support
Unstructured text data
The ability to enrich data from external sources (for example, WHOis, PassiveDNS, VirusTotal, etc.)
Connecting additional feed providers
Search for matches in SIEM events
Direct incident response through integration with third-party information security systems
Responding to incidents using complex algorithms (playbooks)
REST API Integration Capability
Manual adjustment of “weight” parameters for feed’s
Ability to build a graph of links between feed’s objects and internal artifacts