Threat Intelligence Platforms | ||||
Own feed providers / feed prep analytics centers | N/A | |||
Normalization, feed deduplication | ||||
Number of feed suppliers out of the box | 100+ | 20-100 | 100+ | 100+ |
CSV files | ||||
JSON files | ||||
HTTP-feed | N/A | |||
Email | ||||
STIX / TAXII Standards Support | ||||
Unstructured text data | N/A | |||
Ability to enrich data from external sources (for example, WHOIS, PassiveDNS, VirusTotal) | ||||
Connecting additional feed providers | ||||
Search for matches in SIEM events | ||||
Direct incident response through integration with third-party information security systems | ||||
Responding to incidents using complex algorithms (playbooks) | N/A | N/A | ||
REST API Integration Capability | ||||
Manual adjustment of “weight” parameters for feeds | N/A | N/A | ||
Ability to build a graph of links between feed objects and internal artifacts | N/A |