- Extract investigable observables from arbitrary text: pull indicators of compromise (IP addresses, URLs, domains, file hashes, etc.) from blogs, emails, or any other input
- Get consolidated verdicts on indicators from a suite of global threat intelligence providers
- Collect detailed reports of sightings of observables in your environment
- Take response and defensive actions provided by a variety of Cisco and third-party tools already in your environment
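The first capability above, extracting observables from free text, is the step everything else builds on, so here is a small worked extractor. This is an added example written for this page, not code from the product or vendor it describes; the sample report text, the defanging conventions it undoes (hxxp, [.], (.), {.}) and the regular expressions are all assumptions of the example. It goes slightly beyond the bullet by validating IPv4 candidates with the ipaddress module and by separating URL path components from bare hostnames, two places where naive regex extraction produces false positives.

```python
import re
from ipaddress import ip_address
from typing import Dict, List
from urllib.parse import urlsplit

# Constructed sample input (not from the page): the sort of report snippet an analyst
# would paste in. Indicators are defanged the way public threat reports usually write them.
SAMPLE_TEXT = """
The dropper was fetched from hxxp://cdn-update[.]example[.]net/payload.bin and
beaconed to 203.0.113.45:8443 and 198[.]51[.]100[.]7. SHA256 of the sample:
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Version 2.0.1 was affected; see https://blog.example.org/post for details.
"""

URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)
DOMAIN_RE = re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.IGNORECASE)
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
HASH_RES = {
    "md5": re.compile(r"\b[a-f0-9]{32}\b", re.IGNORECASE),
    "sha1": re.compile(r"\b[a-f0-9]{40}\b", re.IGNORECASE),
    "sha256": re.compile(r"\b[a-f0-9]{64}\b", re.IGNORECASE),
}


def refang(text: str) -> str:
    """Undo the common defanging conventions (hxxp, [.], (.), {.}) so the patterns match."""
    text = re.sub(r"hxxp", "http", text, flags=re.IGNORECASE)
    for broken_dot in ("[.]", "(.)", "{.}"):
        text = text.replace(broken_dot, ".")
    return text


def _as_ipv4(candidate: str):
    """Return the normalised address if the candidate is a real IPv4 address, else None."""
    try:
        addr = ip_address(candidate)
    except ValueError:  # octet > 255, leading zeros, etc.
        return None
    return str(addr) if addr.version == 4 else None


def extract_observables(text: str) -> Dict[str, List[str]]:
    """Pull URLs, domains, IPv4 addresses and file hashes out of free text.

    Returns a dict of observable type -> sorted, de-duplicated values.
    """
    text = refang(text)
    found: Dict[str, set] = {k: set() for k in ("url", "domain", "ipv4", "md5", "sha1", "sha256")}

    # URLs first: strip trailing punctuation that belongs to the sentence, not the link,
    # and record the host as a domain (or as an address when the host is a literal IP).
    for url in URL_RE.findall(text):
        url = url.rstrip(".,;:)!")
        found["url"].add(url)
        host = urlsplit(url).hostname
        if host:
            ip = _as_ipv4(host)
            (found["ipv4"] if ip else found["domain"]).add(ip or host.lower())

    # Blank out the URLs before looking for bare domains, so path components such as
    # "payload.bin" are not mistaken for hostnames.
    remainder = URL_RE.sub(" ", text)
    for dom in DOMAIN_RE.findall(remainder):
        found["domain"].add(dom.lower())

    # IPv4 candidates are validated, which discards things like 999.1.1.1.
    for cand in IPV4_RE.findall(text):
        ip = _as_ipv4(cand)
        if ip:
            found["ipv4"].add(ip)

    # Hash patterns are anchored on word boundaries, so a SHA-256 is not also reported
    # as an MD5 or SHA-1 prefix.
    for name, pattern in HASH_RES.items():
        for h in pattern.findall(text):
            found[name].add(h.lower())

    return {k: sorted(v) for k, v in found.items()}


if __name__ == "__main__":
    for kind, values in extract_observables(SAMPLE_TEXT).items():
        print(f"{kind}: {values}")
```

The output of `extract_observables` is the list of observables you would then submit for verdicts and sighting lookups; the refanging step matters because most published reports deliberately break their indicators so they cannot be clicked, and a verdict lookup on `cdn-update[.]example[.]net` would simply return nothing.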

- Create, store, and manage groups of observables with associated notes in casebooks
- Create, process, and triage incidents in the built-in Incident Manager
- Take snapshots of ongoing investigations and store them as a permanent record of a point in time

- Ingest third-party intelligence from shared communities, OSINT, or paid vendors
- Track campaigns, actors, and TTPs seen in or likely to target your environment
- Add your own judgements on observables and indicators, tailored to your industry vertical, risk profile, etc.