Multi-source Intelligence Management
Local intelligence storage; support for absorbing third-party intelligence or integrate with third-party SaaS interfaces through API gateways; built-in full life cycle management of intelligence
On-premises Threat Intelligence Production
Customer Generated Intelligence module to empowering customer to generate private threat intelligence in real time based on alerts of various devices. Support all major security orchestration devices and thrid-party brands
Ultra-high-frequency query RESTful APIs
Unique on-premises stable IO with ultra-high frequency for easy handling of massive data in core financial environments
Typical Application Scenarios
Scenario 1
Docking with Situational Awareness Platforms
Docking with Situational Awareness Platforms

Docks with situational awareness, DNS logs, external firewall or WAF to quickly detect compromised internal hosts and block IP of external attacks

Effectively reduces the “alert noise” caused by a large number of false alerts, and uses threat intelligence to improve detection and analysis capabilities of security devices by filtering, screening, and prioritizing alert events, and enriching context.

Scenario 2
Office Network Scenarios
Office Network Scenarios

Connects to the office network DNS logs and works with the firewall to quickly detect and block internal compromised hosts

Enable compromise awareness and response in office environments in a small and beautiful manner with no manual intervention required throughout the entire process, eliminating the need for endless construction cycles and reducing the response time to seconds

Scenario 1
Scenario 2
Docking with Situational Awareness Platforms
Docking with Situational Awareness Platforms

Docks with situational awareness, DNS logs, external firewall or WAF to quickly detect compromised internal hosts and block IP of external attacks

Effectively reduces the “alert noise” caused by a large number of false alerts, and uses threat intelligence to improve detection and analysis capabilities of security devices by filtering, screening, and prioritizing alert events, and enriching context.

Office Network Scenarios
Office Network Scenarios

Connects to the office network DNS logs and works with the firewall to quickly detect and block internal compromised hosts

Enable compromise awareness and response in office environments in a small and beautiful manner with no manual intervention required throughout the entire process, eliminating the need for endless construction cycles and reducing the response time to seconds

Intelligence Production
How to defend APT that are beyond the coverage of intelligence?
How to defend APT that are beyond the coverage of intelligence?
ThreatBook TIP automatically maintains the life cycle of private intelligence and enables overall defense against single-point attacks by docking with alerts of various security devices, producing threat intelligence locally and automatically through machine learning, and sending private intelligence back to all the security devices.
Multi-source Intelligence Management
Multi-source Intelligence Management
Integration of various types of intelligence
Business intelligence, OSINT, third-party intelligence, advanced intelligence, private intelligence and custom intelligence
Built-in global leading intelligence
ThreatBook’s global leading core intelligence with accurate data and rich fields, built in locally and updated on hourly basis
Heterogeneous Intelligence mapping and management
Fine-grained mapping of multi-source heterogeneous intelligence for full integration into the intelligence management system
Ability to dock with platforms or SaaS APIs
Docks with third-party platforms or SaaS interfaces through API gateways in a unified manner
Attack Group Summarize
How to predict threat and prevent in advance with massive alerts?
Name of Attack Group
Unify attack group with common name
Background of Attack Group
Acquire attack group background automatically
Analysis based on Business
Enterprise affected business and properties

TIP assist enterprise to aggregate the name, background, properties of attack group and affected business according to threat intelligence hits.

Integrate with Third-party Security Platforms and Devices
Integrate with Third-party Security Platforms and Devices
Empower traditional security devices such as SoC / SIEM, firewall, and WAF with new threat detection capabilities

Joint actions with firewall, WAF, honeypot, intranet isolation device or your other devices

Real-time push of threat hits or private intelligence

Real-time detection and response

Know more about TIP?
start free trialstart free trial
400-030-1051