ThreatBook - Threat Intelligence Platform

Multi-source Intelligence Management

Local intelligence storage; support for absorbing third-party intelligence or integrate with third-party SaaS interfaces through API gateways; built-in full life cycle management of intelligence

On-premises Threat Intelligence Production

Customer Generated Intelligence module to empowering customer to generate private threat intelligence in real time based on alerts of various devices. Support all major security orchestration devices and thrid-party brands

Ultra-high-frequency query RESTful APIs

Unique on-premises stable IO with ultra-high frequency for easy handling of massive data in core financial environments

Typical Application Scenarios

Scenario 1

Docking with Situational Awareness Platforms

Docks with situational awareness, DNS logs, external firewall or WAF to quickly detect compromised internal hosts and block IP of external attacks

Effectively reduces the “alert noise” caused by a large number of false alerts, and uses threat intelligence to improve detection and analysis capabilities of security devices by filtering, screening, and prioritizing alert events, and enriching context.

Scenario 2

Office Network Scenarios

Connects to the office network DNS logs and works with the firewall to quickly detect and block internal compromised hosts

Enable compromise awareness and response in office environments in a small and beautiful manner with no manual intervention required throughout the entire process, eliminating the need for endless construction cycles and reducing the response time to seconds

Scenario 1

Scenario 2

Docking with Situational Awareness Platforms

Docks with situational awareness, DNS logs, external firewall or WAF to quickly detect compromised internal hosts and block IP of external attacks

Office Network Scenarios

Connects to the office network DNS logs and works with the firewall to quickly detect and block internal compromised hosts

Intelligence Production

How to defend APT that are beyond the coverage of intelligence?

ThreatBook TIP automatically maintains the life cycle of private intelligence and enables overall defense against single-point attacks by docking with alerts of various security devices, producing threat intelligence locally and automatically through machine learning, and sending private intelligence back to all the security devices.

Multi-source Intelligence Management

Integration of various types of intelligence

Business intelligence, OSINT, third-party intelligence, advanced intelligence, private intelligence and custom intelligence

Built-in global leading intelligence

ThreatBook’s global leading core intelligence with accurate data and rich fields, built in locally and updated on hourly basis

Heterogeneous Intelligence mapping and management

Fine-grained mapping of multi-source heterogeneous intelligence for full integration into the intelligence management system

Ability to dock with platforms or SaaS APIs

Docks with third-party platforms or SaaS interfaces through API gateways in a unified manner

Attack Group Summarize

How to predict threat and prevent in advance with massive alerts?

Name of Attack Group

Unify attack group with common name

Background of Attack Group

Acquire attack group background automatically

Analysis based on Business

Enterprise affected business and properties

TIP assist enterprise to aggregate the name, background, properties of attack group and affected business according to threat intelligence hits.

Integrate with Third-party Security Platforms and Devices

Empower traditional security devices such as SoC / SIEM, firewall, and WAF with new threat detection capabilities

Joint actions with firewall, WAF, honeypot, intranet isolation device or your other devices

Real-time push of threat hits or private intelligence

Real-time detection and response

Know more about TIP?

start free trialstart free trial