Threat Intelligence Ecosystem

Threats are dynamic and attack vectors change constantly. Respond quickly and minimize damage by using the rich external context enabled by threat intelligence. Immediately know about dangerous IP addresses, files, processes, and other risks in your environment.

LogRhythm seamlessly incorporates threat intelligence from STIX/TAXII-compliant providers, commercial and open source feeds, and internal honeypots, all via an integrated threat intelligence ecosystem. The platform uses this data to reduce false-positives, detect hidden threats, and prioritize your most concerning alarms.


 


LogRhythm allows customers to seamlessly incorporate threat context into their LogRhythm deployments from industry-leading commercial and open source providers of threat intelligence, enabling faster detection of and response to:
  • Dangerous IPs accessing internal infrastructure
  • Users visiting risky URLs
  • Phishing attempts
  • Malware propagation
  • Other high-impact activities

Threat intelligence Eco


 Open Source Threat Intelligence

 Want to leverage open source threat feeds? LogRhythm helps you rapidly incorporate threat intelligence from several open source providers:

  •  Abuse.ch
  • Alienvault
  • AutoShun
  • HailaTaxii Open Source Feed
  •  Malware Domains
  • PhishTank
  • SANS-ISC
  • SpamHaus
  • TOR Network


Threat Intelligence Partners

STIX
STIX (Structured Threat Information eXpression) is a language for describing cyber threat information in a standardized and structured manner. The Trusted Automated Exchange of Indicator Information (TAXII) provides a trusted, automated exchange of cyber threat information captured in STIX format. These are part of an open, community-driven effort and offer free specifications to help automate the exchange of cyber threat information. LogRhythm provides the ability to add custom STIX/TAXII compliant providers, such as Soltra Edge, enabling organizations that participate in industry-specific or government-led trusted exchanges to easily incorporate threat intelligence into LogRhythm
Anomali
Anomali makes it possible to correlate tens of millions of threat indicators against your real time network activity logs and up to a year or more of forensic log data. Anomali’s approach enables detection at every point along the kill chain, making it possible to mitigate threats before material damage to your organization has occurred.
Cisco
CISCO SYSTEMS INC. Is the worldwide leader in networking for the Internet. Cisco solutions are the networking foundations for service providers, small to medium business and enterprise customers which includes corporations, government agencies, utilities and educational institutions. Cisco’s networking solutions connect people, computing devices and computer networks, allowing people to access or transfer information without regard to differences in time, place or type of computer system.
Recorded Future
Recorded Future arms you with real-time threat intelligence so you can proactively defend your organization against cyber attacks. Its patented Web Intelligence Engine continuously analyzes the entire Web, giving you unmatched insight into emerging threats. Recorded Future helps protect four of the top five companies in the world.
Symantec
Symantec DeepSight™ Intelligence provides actionable data about malicious activity sources, emerging threats, and vulnerabilities. DeepSight Intelligence DataFeeds are derived from deep, proprietary analysis of billions of events from the Symantec™ Global Intelligence Network. This intelligence can reduce exposure to threats through automated integration with existing security solutions. This integration into existing processes and tools allows businesses to act appropriately and quickly, preventing security incidents before they happen.
Webroot
Webroot® is the market leader in cloud delivered security software as a service (SaaS) solutions for consumers, businesses and enterprises. We have revolutionized Internet security to protect all the ways you connect online. Webroot delivers real-time advanced internet threat protection to customers through its BrightCloud® security intelligence platform, and its SecureAnywhere™ suite of security products for endpoints, mobile devices and corporate networks.

Trusted by the Best