It supports ingestion of both commercial and open source threat intelligence, and bundles a selection of open source intelligence feeds for users to choose from, enriching their threat intelligence data. Multiple intelligence sources can be managed centrally and updated automatically, and users can monitor the operational status of each intelligence feed in real time through the platform.
Threat intelligence can be aggregated automatically according to predefined rules. Intelligence from commercial, open source, and internally generated sources is processed and correlated to produce high-quality, usable threat intelligence. The platform also supports user-defined aggregation rules.
It integrates with the security devices and management platforms already present in the user's network, and provides an API for connecting intelligence-consuming devices, so that intelligence is acquired and applied automatically.
Intelligence shared internally can be aggregated and consumed by other users and security devices, helping users establish a closed loop of threat intelligence utilization and build personalized threat intelligence enriched with context from their own environment to counter emerging attacks.
Threat intelligence is matched against local security logs collected via syslog. Ingesting and updating multi-source threat intelligence removes the limitation of a single intelligence feed that cannot be shared across multiple devices, and reduces resource investment; at the same time, the API enables rapid integration with security devices and security management platforms, reducing the development effort users face when deploying threat intelligence.
The intelligence management and aggregation functions reduce the effort of managing and updating threat intelligence, ensure that intelligence is updated in real time and aggregated quickly, and substantially raise the level of threat intelligence management and application.
Moving beyond the limitations of single-point intelligence consumption, the platform establishes a complete intelligence utilization loop within the user's local environment, so that local endpoints and devices act as both consumers and producers of threat intelligence, driving continuous improvement in intelligence quality.
Integrating threat intelligence effectively upgrades the ability of existing security devices to handle unknown threats and APT attacks. The rich contextual information carried by threat intelligence helps users understand threats and reduces the difficulty of handling security incidents.
Logs from existing security devices and solutions are normalized and stored in the threat intelligence platform, where they are correlated and matched against the aggregated intelligence to provide users with threat-intelligence-based early warning.
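The following is an added example written for this page, not the platform's own software. It illustrates the three mechanisms described above in one small pipeline: rule-based aggregation of indicators from commercial, open source and internal feeds (merge duplicates, keep the highest confidence, union the tags, record every contributing source), normalization of syslog lines from two device types into a common schema, and matching of the extracted observables against the aggregated indicators to raise early-warning alerts. The feed names, indicator values, log lines, device names and the confidence threshold are all constructed assumptions.

```python
"""Aggregate multi-source indicators, normalize syslog, and match the two (example code)."""
import re

# Constructed sample feeds; addresses and domains are documentation/placeholder values.
FEEDS = {
    "commercial": [
        {"type": "ipv4", "value": "203.0.113.7", "confidence": 90, "tags": ["c2"]},
        {"type": "domain", "value": "bad.example.net", "confidence": 80, "tags": ["phishing"]},
    ],
    "osint": [
        {"type": "ipv4", "value": "203.0.113.7", "confidence": 60, "tags": ["scanner"]},
        {"type": "ipv4", "value": "198.51.100.23", "confidence": 50, "tags": ["bruteforce"]},
    ],
    "internal": [
        # Same domain as the commercial entry, but with different case and a trailing dot.
        {"type": "domain", "value": "BAD.example.net.", "confidence": 95, "tags": ["seen-in-ir"]},
    ],
}


def normalize_value(ioc_type, value):
    """Canonicalise an indicator so the same observable from different feeds merges."""
    value = value.strip()
    if ioc_type == "domain":
        return value.lower().rstrip(".")
    return value


def aggregate(feeds):
    """Aggregation rule (an assumption): merge identical (type, value) pairs across feeds,
    keep the maximum confidence, union the tags, and record every contributing source."""
    merged = {}
    for source, indicators in feeds.items():
        for ioc in indicators:
            key = (ioc["type"], normalize_value(ioc["type"], ioc["value"]))
            entry = merged.setdefault(key, {"confidence": 0, "tags": set(), "sources": set()})
            entry["confidence"] = max(entry["confidence"], ioc["confidence"])
            entry["tags"].update(ioc["tags"])
            entry["sources"].add(source)
    return merged


# Constructed syslog lines from a hypothetical firewall (fw01) and DNS server (dns01).
SYSLOG_LINES = [
    "<134>Jan 10 12:00:01 fw01 kernel: ACCEPT IN=eth0 SRC=203.0.113.7 DST=10.0.0.5 PROTO=TCP DPT=443",
    "<134>Jan 10 12:00:02 dns01 named: client 10.0.0.9#5353: query: bad.example.net IN A",
    "<134>Jan 10 12:00:03 fw01 kernel: ACCEPT IN=eth0 SRC=192.0.2.10 DST=10.0.0.5 PROTO=TCP DPT=22",
]

SYSLOG_RE = re.compile(
    r"^<\d+>(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) (?P<host>\S+) (?P<app>[^:]+): (?P<msg>.*)$"
)
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
DOMAIN_RE = re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.I)


def normalize_log(line):
    """Parse an RFC 3164-style line into a common schema and extract observables.
    Returns None for lines that do not match, so malformed input is skipped, not fatal."""
    m = SYSLOG_RE.match(line)
    if not m:
        return None
    msg = m.group("msg")
    observables = {("ipv4", ip) for ip in IPV4_RE.findall(msg)}
    observables |= {("domain", d.lower()) for d in DOMAIN_RE.findall(msg)}
    return {"ts": m.group("ts"), "host": m.group("host"), "app": m.group("app").strip(),
            "observables": observables, "raw": line}


def match_logs(lines, indicators, min_confidence=70):
    """Correlate normalized logs with aggregated indicators; emit an alert per hit that
    carries the intelligence context (confidence, tags, sources) for the analyst."""
    alerts = []
    for line in lines:
        event = normalize_log(line)
        if event is None:
            continue
        for ioc_type, value in sorted(event["observables"]):
            hit = indicators.get((ioc_type, value))
            if hit and hit["confidence"] >= min_confidence:
                alerts.append({"ts": event["ts"], "host": event["host"], "type": ioc_type,
                               "indicator": value, "confidence": hit["confidence"],
                               "tags": sorted(hit["tags"]), "sources": sorted(hit["sources"])})
    return alerts


if __name__ == "__main__":
    for alert in match_logs(SYSLOG_LINES, aggregate(FEEDS)):
        print(alert)
```

Running the block prints two alerts: the firewall line hits the 203.0.113.7 indicator (confidence 90, contributed by both the commercial and the OSINT feed) and the DNS query hits bad.example.net, whose internal sighting lifted the confidence to 95. The third line, with no matching observable, stays silent. The confidence threshold is where a real deployment would plug in its own aggregation policy; lowering it to 50 would also surface the low-confidence OSINT-only indicator.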