Continually Updated Threat Intelligence
Automate continually updated threat intelligence with Torq, and save valuable time enriching alert and event data with up-to-date information pulled from multiple sources and correlated into a single picture.
TL;DR: Continually Updated Threat Intelligence
- Enrich information on IP, Domain, Email, File, Process
- Pull data from multiple intelligence sources, then combine and/or digest for faster decision making
- Run flows on a schedule, manually from Web, Slack, and/or CLI, or trigger automatically
- Deliver the collected information to the system of your choice (e.g. ticketing, messaging, alerting)
What is Continually Updated Threat Intelligence?
Threat intelligence is data related to threat mechanisms, scope, techniques and indicators. Security teams use threat intelligence to enrich alert data and to make better decisions about prioritizing events, responding to alerts and addressing threats.
Traditionally, threat intelligence is retrieved from and managed in dedicated solutions and services (or feeds) that are separate from the security “detection” solutions raising the alerts, so looking up indicators from an alert requires an integration between the two.
Automating threat intelligence involves obtaining indicators of compromise (IOCs) from logs, alerts or other sources, automatically looking them up in several feeds, combining the output, and then either handing the result to human responders for consideration or using it to kick off additional automated processes.
Benefits of Continually Updated Threat Intelligence
- Save time on investigating alerts by automatically enriching data from Threat Intelligence feeds
- Reduce alert fatigue by identifying and eliminating false positives before they reach an analyst
- Identify new risks or undetected threats by triggering new threat hunting workflows when intelligence sources are updated
- Save analyst time and reduce exposure windows by automating block-lists and penalty-box management
How Torq Automates Threat Intelligence Updates Continuously
- Torq Threat Intelligence workflows can be triggered by events from existing security solutions, such as:
  - SIEM Alert Rules
  - EDR / XDR Detection Alerts
  - Anomaly Detection Alerts
  - Email Security Alerts
- Threat Intelligence workflows can also serve as “utilities” for analysts and get triggered manually from Slack, Web UI or CLI to help in an ongoing investigation
- Signatures, URLs, IP Addresses, Domains and Files can be uploaded to Threat Intelligence solutions for analysis, combining the results and enriching case management or messaging tools with the outcome
- If Threat Intelligence analysis outcome suggests a conclusion (such as malicious / suspicious / benign), automated actions can update case management tickets, escalate or close cases, manage block lists, etc.
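The pipeline described in the list above (pull indicators out of an alert, ask several feeds, combine the answers into one verdict, map the verdict to an action) is illustrated below as an added example. It is not Torq code and does not use any Torq or vendor API: the two feeds are constructed dictionaries standing in for real intelligence services, the alert lines are made up and use documentation IP ranges, and the verdict ordering, the file-extension exclusion list and the action table are assumptions chosen for the illustration.

```python
"""Enrich alert text with indicators looked up across several threat-intel feeds.

Added illustration, not vendor code. The feeds are constructed dictionaries that
stand in for real TI services; the alert lines are made up (documentation IP ranges).
"""
import ipaddress
import re

# Constructed alert lines from hypothetical SIEM / EDR / email-security sources.
SAMPLE_ALERTS = [
    "EDR: powershell.exe connected to 203.0.113.7 after resolving updates.example-cdn.test",
    "SIEM: outbound connection from 10.0.0.5 to 198.51.100.23 port 443",
    "Email security: message from billing@invoice-portal.example with attachment "
    "sha256 2cf24dba5fb0a30e26e83b2ac5b9e29e1b161e5c1fa7425e73043362938b9824",
]

# Constructed feed data (type -> indicator -> verdict). A real feed is queried over
# its API; only this shape is assumed. Feeds legitimately disagree or stay silent.
FEEDS = {
    "feed_a": {
        "ip": {"203.0.113.7": "malicious"},
        "domain": {"updates.example-cdn.test": "suspicious"},
    },
    "feed_b": {
        "ip": {"203.0.113.7": "malicious", "198.51.100.23": "benign"},
        "sha256": {"2cf24dba5fb0a30e26e83b2ac5b9e29e1b161e5c1fa7425e73043362938b9824": "malicious"},
    },
}

# Assumed worst-verdict-wins ordering used when feeds disagree.
SEVERITY = {"unknown": 0, "benign": 1, "suspicious": 2, "malicious": 3}

# Tokens that look like hostnames but are file names (constructed list, extend as needed).
FILE_EXTENSIONS = {"exe", "dll", "ps1", "bat", "txt", "log", "zip"}

# Internal ranges that no external feed can say anything useful about. In production
# addr.is_global would do; it is not used here because the sample alerts deliberately
# use documentation ranges, which ipaddress also classifies as non-global.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

IP_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
SHA256_RE = re.compile(r"\b[a-f0-9]{64}\b")
EMAIL_RE = re.compile(r"\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b")
DOMAIN_RE = re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b")


def extract_iocs(text):
    """Return {"ip": set, "domain": set, "sha256": set, "email": set} found in text."""
    text = text.lower()
    iocs = {"ip": set(), "domain": set(), "sha256": set(), "email": set()}
    for raw in IP_RE.findall(text):
        try:
            addr = ipaddress.ip_address(raw)
        except ValueError:
            continue  # e.g. 999.1.1.1 matches the regex but is not an address
        if not any(addr in net for net in INTERNAL_NETS):
            iocs["ip"].add(raw)
    iocs["sha256"].update(SHA256_RE.findall(text))
    iocs["email"].update(EMAIL_RE.findall(text))
    # Blank out e-mail addresses first so their host part is not double-counted as a domain.
    for dom in DOMAIN_RE.findall(EMAIL_RE.sub(" ", text)):
        if dom.rsplit(".", 1)[-1] not in FILE_EXTENSIONS:
            iocs["domain"].add(dom)
    return iocs


def lookup_ioc(ioc_type, value):
    """Ask every feed about one indicator; a feed with no entry answers 'unknown'."""
    return {name: feed.get(ioc_type, {}).get(value, "unknown") for name, feed in FEEDS.items()}


def combine_verdicts(verdicts):
    """Collapse several verdicts into one: worst wins, 'unknown' if nothing was said."""
    return max(verdicts, key=SEVERITY.__getitem__, default="unknown")


# Assumed mapping from the combined verdict to the follow-up step the text describes.
ACTIONS = {
    "malicious": "add indicator to block-list and escalate the case",
    "suspicious": "escalate to an analyst with the enrichment attached",
    "benign": "lower the ticket priority and keep the enrichment on it",
    "unknown": "leave for the analyst; no feed had an opinion",
}


def enrich_alert(text):
    """One picture for one alert: every IOC, every feed's view, one verdict, one action."""
    details = {}
    for ioc_type, values in extract_iocs(text).items():
        for value in sorted(values):
            per_feed = lookup_ioc(ioc_type, value)
            details[(ioc_type, value)] = {"feeds": per_feed,
                                          "verdict": combine_verdicts(per_feed.values())}
    verdict = combine_verdicts(d["verdict"] for d in details.values())
    return {"alert": text, "iocs": details, "verdict": verdict, "action": ACTIONS[verdict]}


def enrich_alerts(alerts):
    return [enrich_alert(a) for a in alerts]


if __name__ == "__main__":
    for result in enrich_alerts(SAMPLE_ALERTS):
        print(result["verdict"].upper(), "->", result["action"])
        for (ioc_type, value), info in result["iocs"].items():
            print("   ", ioc_type, value, info["feeds"])
```

Two design points worth noting. Internal addresses are dropped before any lookup, because sending RFC 1918 addresses to an external feed leaks topology and returns nothing useful. The worst-verdict-wins rule means one "malicious" answer outranks any number of "benign" ones, which favours escalation over silent closure; if a feed is known to be noisy, weight or drop its verdicts in `combine_verdicts` rather than letting it close cases.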
Start Automating in Minutes
With Torq, any security professional of any skill level can easily connect multiple tools into an automated workflow that runs as needed: triggered from an alert, or according to a schedule. Get started automating today and build workflows with an easy drag and drop interface. Zero coding or API knowledge required.