Partnerships

Accenture CTI Threat Feed

Technology Integration

The Accenture CTI Threat Feed is a highly refined, human-curated, intelligence source that provides insight on the latest threats with an exceptionally low false-positive ratio. Coupled with Accenture’s world-class cybersecurity services, our CTI Threat Feed will help your teams to achieve more than just “cyber security”; they will help you achieve cyber resilience.

AlienVault

Integration Partner

AlienVault, now integrated with AT&T Cybersecurity, provides the Unified Security Management (USM) platform. This all-in-one solution seamlessly integrates critical security capabilities, including asset discovery, vulnerability assessment, intrusion detection, behavioral monitoring, and SIEM. By unifying these essential tools, USM delivers comprehensive monitoring and robust threat detection to simplify and enhance security management.

AlienVault Open Threat Exchange

Technology Integration

The AlienVault Open Threat Exchange (OTX) is a system for sharing threat intelligence among OSSIM users and AlienVault customers.

Amazon

Integration Partner

Amazon S3 is an object storage service offering unmatched scalability, data availability, security, and performance. It allows businesses of all sizes to store and protect unlimited data for various use cases, including websites, apps, backups, archives, and analytics. With intuitive management tools and customizable access controls, Amazon S3 meets diverse business and compliance needs. Designed for 99.999999999% durability, it supports millions of applications worldwide.

Amazon S3

Technology Integration

Amazon Simple Storage Service (Amazon S3) is an object storage service that offers industry-leading scalability, data availability, security, and performance. This means customers of all sizes and industries can use it to store and protect any amount of data for a range of use cases, such as websites, mobile applications, backup and restore, archive, enterprise applications, IoT devices, and big data analytics. Amazon S3 provides easy-to-use management features so you can organize your data and configure finely-tuned access controls to meet your specific business, organizational, and compliance requirements. Amazon S3 is designed for 99.999999999% (11 9's) of durability, and stores data for millions of applications for companies all around the world.

Applied Cyber Defense Systems

Managed Service Partner

RELENTLESS DEFENSES We adapt to protect businesses from cyberattacks with sophisticated cybersecurity solutions. Our philosophy is simple. It takes a good hacker to beat a malicious one. In order to understand and defend against attacks, we need to think like they do. Our next-gen security mechanisms are supported by Intercept, engineered by ACDS, to deliver some of the most sophisticated defenses in the world – without compromise! 77% of companies do not have an incident response plan in place, and we believe that every company should be afforded the best possible protection against cybercriminals who intend to destabilize your business or success.

ASM Technologies

Managed Service Partner

Established in 1992, ASM Technologies Limited is a publicly-listed company in India with a global presence in the USA, Singapore, UK, Canada, Mexico, and Japan. With over two decades of experience, ASM has been providing world-class consulting and product development services in the areas of Engineering Services and Product R&D with successful Offshore Development & Support Centers in India and Overseas for its global clientele.

Atkins

Commercial Partner

Atkins is one of the world’s most respected design, engineering and project management consultancies. We build long-term trusted partnerships to create a world where lives are enriched through the implementation of our ideas. On July 3, 2017, Atkins was acquired by SNC-Lavalin. Founded in 1911, SNC-Lavalin is a global, fully integrated professional services and project management company and a major player in the ownership of infrastructure. The combined entity of Atkins and SNC-Lavalin has created one of the largest global engineering and project management consultancies with approximately 50,000 employees and operating across 50 countries.

Binary Defense Artillery

Integration Partner

Binary Defense is a cybersecurity firm specializing in Managed Detection and Response (MDR) services. They offer comprehensive security solutions, including threat hunting, digital risk protection, and incident response, to help organizations detect and respond to cyber threats effectively.

Binary Defense Artillery

Technology Integration

Artillery is a combination of a honeypot, monitoring tool, and alerting system. Eventually this will evolve into a hardening monitoring platform as well to detect insecure configurations from nix systems.

Bitdefender

Integration Partner

The Bitdefender Advanced Threat Intelligence solution helps security professionals gain visibility into the latest threats by using up-to-date, contextual intelligence on URLs, IPs, domains, certificates, files, Command and Control servers and Advanced Persistent Threats.

BitDefender

Technology Integration

The Bitdefender Advanced Threat Intelligence solution helps security professionals gain visibility into the latest threats by using up-to-date, contextual intelligence on URLs, IPs, domains, certificates, files, Command and Control servers and Advanced Persistent Threats.

BitSight

Integration Partner

BitSight, established in 2011, is a cybersecurity firm that pioneered the security ratings industry. They provide organizations with data-driven insights to assess and manage cyber risk, enabling better decision-making and fostering trust in the digital economy.

Blu5

Commercial Partner

Blu5 Group specializes in cybersecurity solutions based on Zero Trust principles and secure virtual networking. Their offerings aim to enhance cyber resilience and optimize network security by reducing system complexity and supporting hybrid, scalable infrastructures.

Bytes Technology Group

Commercial Partner

Bytes is a leading provider of world-class IT solutions, offering services in cloud computing, cybersecurity, software licensing, and managed services. Established in 1982, the company has grown to employ over 710 people in the UK and Ireland, partnering with top technology vendors to help businesses achieve maximum IT efficiency and security

CentralOps.net

Integration Partner

CentralOps.net is a platform operated by Hexillion Technologies, offering a suite of free online network tools for investigating and troubleshooting internet resources like domain names, IP addresses, email addresses, and URLs. The platform includes utilities such as traceroute, nslookup, dig, whois lookup, ping, and proprietary tools like Domain Dossier and Email Dossier, all compatible with IPv6. It enables users to gather detailed information about domains and IP addresses, including ownership, registrar data, and DNS records.

Centralpoint Nederland

Commercial Partner

Centralpoint is de grootste merkonafhankelijke IT-leverancier van de Benelux en specialist in IT-oplossingen voor organisaties, klein en groot. Wij zijn professionals voor professionals en zorgen dat je altijd en overal zorgeloos kunt werken met de beste technologie. Voor elk IT-vraagstuk hebben we een concrete oplossing. We houden het eenvoudig en creëren duidelijkheid bij complexe IT-uitdagingen. Of dat nu gaat om beveiliging, dataopslag, connectiviteit, mobiel werken, beheer of onderhoud en logistiek. Wij doen alleen waar we goed in zijn, zodat jij kan doen waar jij goed in bent. Wij krijgen energie van IT en zorgen ervoor dat het werkt zoals het hoort. Onze 550 medewerkers in Nederland en België staan altijd voor je klaar!

CIRCL - Computer Incident Response Center Luxembourg

Integration Partner

The Computer Incident Response Center Luxembourg (CIRCL) is a government-driven initiative focused on gathering, analyzing, reporting, and responding to cybersecurity threats and incidents. One of their key services, the Passive SSL service, maintains a historical database of X.509 certificates observed per IP address, aiding security professionals in tracking SSL certificate usage over time through accessible public datasets and a REST API.

CIRCL Passive SSL

Technology Integration

CIRCL Passive SSL is a database storing historical X.509 certificates seen per IP address. The Passive SSL historical data is indexed per IP address, which makes it searchable for incident handlers, security analysts or researchers. The Passive SSL enricher will retrieve domains and IP’s associated with an SSL Certificate hash.

CISA

Integration Partner

The Cybersecurity and Infrastructure Security Agency (CISA) serves as the operational lead for federal cybersecurity and acts as the national coordinator for critical infrastructure security and resilience. Built on collaboration and partnership, CISA's mission is to reduce risks to the nation's cyber and physical infrastructure through a multi-layered, integrated approach.

Cisco

Integration Partner

The Cisco Umbrella API helps analysts quickly understand registration details, similar domains and potential malicious ties to observable data. With this integration, analysts can quickly discern threats and attribution intelligence from observables used in active campaigns as the cloud-based enricher provides information relating domains, IP addresses and file hashes. Combining this integration with EclecticIQ Platform enables analysts to dynamically build a repository of intelligence relating to domain activity.

Cisco Threat Grid

Technology Integration

Cisco Threat Grid analyzes suspicious behavior in your network against more than 450 behavioral indicators and a malware knowledge base sourced from around the world. Threat Grid content feeds are pre-generated, curated sets of behavioural indicators that are produced in the Threat Grid Cloud infrastructure from sample analysis results. Feeds are used by organizations and partners for targeted threat intelligence, by focusing on the specific types of threats faced by particular industries.

Cisco Umbrella

Technology Integration

The Cisco Umbrella API helps analysts quickly understand registration details, similar domains and potential malicious ties to observable data. With this integration, analysts can quickly discern threats and attribution intelligence from observables used in active campaigns as the cloud-based enricher provides information relating domains, IP addresses and file hashes. Combining this integration with EclecticIQ Platform enables analysts to dynamically build a repository of intelligence relating to domain activity.

Cofense

Integration Partner

Cofense is a leader in email security, combining industry-leading security awareness training with advanced threat detection and response solutions. Leveraging data from over 35 million trained employees who actively report suspected phishing threats in real-time, Cofense provides unparalleled threat intelligence. This unique approach enables the company to identify and stop threats that other standard email controls may miss.

Cofense PhishMe

Technology Integration

Cofense PhishMe is the leading provider of human-driven phishing defense solutions worldwide. Our collective defense suite combines best-in class incident response technologies with timely attack intelligence sourced from employees. Cofense enables thousands of global organizations to stop attacks in progress faster and stay ahead of breaches.

Common Vulnerabilities and Exposures (CVE)

Technology Integration

Enrich intelligence with exploit target information, from the standard source of vulnerabilities and exposures: the MITRE corporation. The enricher and feed uses the Computer Incident Response Center Luxembourg (CIRCL) cve-search API to retrieve all the available details.

Consortium Networks

Commercial Partner

We educate and connect the IT security community through the power of people and crowdsourced threat intelligence. Consortium Networks is committed to providing businesses with the most relevant, up-to-date technology information, with a focus on cybersecurity. By connecting technology customers, vendors, and experts, we strive to be the go-to resource for guidance regarding all your IT requirements. We are the first organization dedicated to providing real-world feedback and data on solutions in operation in production environments at peer organizations.

Cosive

Commercial Partner

Cosive is a specialist in incident response and threat intelligence. We have expert knowledge of CSIRTs and SOCs, and we understand your pain points. We will help you optimise your processes and tools and to find the best solution for your needs.

CrowdStrike

Integration Partner

CrowdStrike™ is a leading provider of next-generation endpoint protection, threat intelligence, and related services. Their Falcon platform helps customers prevent targeted attacks, detect advanced threats in real time, and reduce incident response times. CrowdStrike serves major blue-chip companies and sophisticated government agencies globally.

CrowdStrike Falcon Insight / EDR

Technology Integration

CrowdStrike® Falcon Insight™ eliminates silent failure by providing the highest level of real-time monitoring capabilities that span across detection, response and forensics. This ensures nothing is missed, leaving attackers with no place to hide. Falcon Insight provides organizations with state-of-the-art endpoint detection and response (EDR), following an approach recommended by top analyst firms such as Gartner.

Crowdstrike Falcon Intelligence

Technology Integration

Crowdstrike is a global leader in the cloud-delivered next-generation endpoint protection. With a single lightweight agent, CrowdStrike is the first company to unify next-generation antivirus that includes machine learning and behavioral analytics, endpoint detection and response (EDR), and a 24/7 managed hunting service all in one lightweight agent. Falcon Intelligence ^TM is a cost-effective program tailored to each company’s needs and requirements and addresses the legal and technical aspects of preventing harm that results from a cyberattack.

CyberCrime Tracker

Technology Integration

Cyber Crime Tracker is dedicated to providing an API driven IP address and domain data feed for the tracking and blacklisting of C&C server, botnet activity.

CyberCX

Commercial Partner

CyberCX is a leading provider of professional cyber security and cloud services across the United States, United Kingdom, Australia, and New Zealand. With a workforce of over 1,300 professionals, they offer comprehensive services including consulting and advisory, governance, risk and compliance, incident response, penetration testing and assurance, network and infrastructure solutions, cloud security and solutions, identity and access management, managed security services, and cyber security training.

Cybereason

Integration Partner

Cybereason is a cybersecurity company specializing in endpoint protection, detection, and response. Their Defense Platform offers comprehensive security solutions, including Next-Generation Antivirus (NGAV), Endpoint Detection and Response (EDR), and Extended Detection and Response (XDR), to safeguard organizations against advanced cyber threats. Cybereason's unique MalOp™ (Malicious Operation) technology provides an operation-centric view of attacks, enabling security teams to detect and remediate threats more effectively.

Cybereason Endpoint Detection and Response (EDR)

Technology Integration

Using the Cyberreason Defense Platform, users are able to leverage the power of EclecticIQ Platform. Users can receive IOCs from the platform to trigger security alerts, and send sightings back to EclecticIQ Platform.

CyberKnight

Commercial Partner

CyberKnight Technologies is a cybersecurity focused value-added-distributor (VAD) covering the Middle East with on-the-ground presence in all key regional markets. Our ZTX (Zero Trust Security) methodology, based on the Forrester framework, incorporates emerging and market-leading cybersecurity solutions that protect the entire attack surface, by leveraging AI, threat intelligence and collective defense. CyberKnight helps security and risk teams at enterprise and government customers simplify breach detection, prevention and incident response, while addressing regulatory compliance. CyberKnight's Art of Cybersecurity Distribution methodology enables strategic partners to achieve greater market penetration, return-on-investment and time-to-value.

Cybersolutions

Commercial Partner

Cybersolutions, established in 2011, is a French cybersecurity firm offering services such as security audits, penetration testing, and managed security operations center (SOC) solutions. They assist organizations in complying with standards like NIS 2 and ISO 27001, and provide training to enhance cybersecurity awareness among employees.

Cyfirma

Integration Partner

CYFIRMA is a cybersecurity firm specializing in External Threat Landscape Management (ETLM). Their platform integrates cyber intelligence, attack surface discovery, vulnerability intelligence, brand intelligence, situational awareness, and digital risk protection to provide organizations with a comprehensive view of their threat landscape. This approach enables businesses to proactively identify and mitigate potential cyber threats.

Deloitte Risk Advisory (Italy)

Commercial Partner

Deloitte’s Cyber Intelligence Centre (CIC) has been established to be your go to resource for cyber support. We offer a broad range of cyber and managed services to help you tackle the ever changing risk landscape. Whether it’s threat monitoring, threat intelligence, data protection, incident response and more, our team of specialists can help.

Devoteam

Commercial Partner

Devoteam delivers Innovative Technology Consulting for Business, with a unique Transformation DNA. The 7 core offers are cybersecurity, data as a service,transformation management, agile IT, digital workplace, customer experience, and business process excellence.

Digital Shadows SearchLight

Technology Integration

Digital Shadows SearchLight protects against external threats, continually identifying where your assets are exposed, providing sufficient context to understand the risk, and options for remediation.

Dinova

Commercial Partner

Dinova, formerly DeepCyber, provides cybersecurity and anti-fraud solutions focused on advanced intelligence and data fusion techniques. Their services are designed to enhance protection and offer custom, intelligence-driven strategies for combating cyber threats.

DomainTools

Integration Partner

DomainTools provides an extensive, searchable database of domain name registrations, Whois records, and hosting data, used for online investigations and research. It supports cybersecurity analysts, fraud investigators, domain experts, and marketers in investigating cybercrime, protecting assets, and monitoring online activities.

DomainTools

Technology Integration

DomainTools helps security analysts turn threat data into threat intelligence. We take indicators from your network and connect them with nearly every active domain on the Internet. Fortune 1000 companies, global government agencies, and leading security solution vendors use the DomainTools platform as a critical ingredient in their threat investigation and mitigation work.

DomainTools Domain Profile

Technology Integration

DomainTools helps security analysts turn threat data into threat intelligence. We take indicators from your network and connect them with nearly every active domain on the Internet. Fortune 1000 companies, global government agencies, and leading security solution vendors use the DomainTools platform as a critical ingredient in their threat investigation and mitigation work.

DomainTools Reverse IP Whois

Technology Integration

The Whois Lookup API provides the ownership record for a domain name or IP address with basic registration details. The API is optimized to respond quickly and is designed to handle a high volume of parallel requests. This is the ideal product to use if you have a busy web site or a long list of domains that you need to process.

Dragos

Integration Partner

Dragos is a cybersecurity company dedicated to safeguarding industrial control systems (ICS) and operational technology (OT) environments. Their platform offers comprehensive asset visibility, advanced threat detection, and effective vulnerability management tailored to the unique challenges of OT systems. By integrating extensive OT-specific threat intelligence, Dragos enables organizations to monitor networks, identify vulnerabilities, and respond to cybersecurity threats with in-depth insights from their team of OT vulnerability analysts and adversary hunters.

Dragos

Technology Integration

As a leading provider of industrial control systems cybersecurity, the Dragos threat detection and response platform codifies decades of real-world experience in advanced threat analytics. It provides operational and information technology practitioners unprecedented visibility and prescriptive procedures to respond to adversaries in the industrial threat landscape. Through the integration with EclecticIQ Platform, Threat Intelligence Analysts now have access to relevant reports, Indicators, Threat Actors, TTPs and observables that Dragos provides for this unique threat landscape.

DShield

Technology Integration

DShield provides a platform for users of firewalls and intrusion detection systems to share intrusion information. This data is cataloged and summarized and can be used to discover trends in activity, confirm widespread attacks. This data is accessable through the Internet Storm Center/DShield REST API. DShield is a free and open service.

EclecticIQ Browser Extension

Technology Integration

The Browser Extension is an add-on for your web browser, specifically made for EclecticIQ Platform. It lets analysts quickly and easily process both external threat data found in human-written reports and machine-generated data from internal security controls. Analysts can capture the data, structure it and subsequently ingest it into their Platform in one flow, without ever leaving the page they are on.

EclecticIQ Custom Integrations

Technology Integration

Besides the integrations listed above, organizations can configure their own custom integration based on the following standards: ArcSight CEF, EclecticIQ CSV, EclecticIQ JSON, Email (IMAP), File system, FTP Push, HTTP Download, STIX 1.2, Syslog (UDP/TCP), TAXII (Poll/Push), Plain text (e.g. Snort Rules, Yara Signatures)

EclecticIQ FortiSOAR connector

Technology Integration

The EclecticIQ FortiSOAR connector, facilitates automated interactions, with the EclecticIQ platform using FortiSOAR playbooks. Add the EclecticIQ connector as a step in FortiSOAR playbooks and perform automated operations, such as retrieving reputations of domains, URLs, IP addresses, etc., from EclecticIQ, querying the EclecticIQ platform for entities, and creating sighting in the EclecticIQ platform.

EclecticIQ Security Controls

Technology Integration

Help your system administrators to respond faster to attempted intrusions by adding essential context to your IT security controls. Integrate real-time threat intelligence into:

• Snort
• Suricata
• Any standards-based IPS/IDS

EclecticIQ STIX-formatted data

Technology Integration

Any data provided in STIX (1.0, 1.1.1, 1.2) format, including FS-ISAC and MISP feeds.

Elastic

Integration Partner

Elastic Security is a comprehensive solution that empowers organizations to protect, investigate, and respond to cyber threats using AI-driven analytics. Built on the Elastic Search AI Platform, it offers capabilities such as Security Information and Event Management (SIEM), endpoint security, and threat research, enabling teams to detect complex threats, streamline investigations, and automate responses.

Elemendar

Integration Partner

Elemendar, established in 2017, specializes in artificial intelligence solutions for cybersecurity. Their platform automates the conversion of human-authored cyber threat intelligence into machine-readable data, enabling organizations to efficiently detect and respond to cyber threats.

Elemendar READ

Technology Integration

READ. processes human-authored, unstructured CTI reports into structured CTI data. This machine-readable data can then be fed directly into a TIP or defensive systems. Data Extraction, STIX Processing and Output is completed seamlessly within READ. allowing analysts to pivot from extensive CTI documents to valuable, actionable data within seconds. The extracted text is analysed using Elemendar’s proprietary, machine learning-powered Natural Language Processing engine.

Ensign InfoSecurity Pte Ltd

Commercial Partner

Ensign InfoSecurity is Asia's largest pure-play cybersecurity firm, offering strategic advisory, robust defense solutions, and advanced cybersecurity operations. They provide services such as threat detection, continuous monitoring, and rapid response, all powered by cutting-edge innovation and threat intelligence

Farsight Security

Integration Partner

Farsight Security DNSDB is a Passive DNS historical database that provides a unique, fact-based, multifaceted view of the configuration of the global Internet infrastructure. DNSDB leverages the richness of Farsight’s Security Information Exchange (SIE) data-sharing platform and is engineered and operated by leading DNS experts.

Farsight Security DNSDB

Technology Integration

Farsight Security DNSDB is a Passive DNS historical database that provides a unique, fact-based, multifaceted view of the configuration of the global Internet infrastructure. DNSDB leverages the richness of Farsight’s Security Information Exchange (SIE) data-sharing platform and is engineered and operated by leading DNS experts.

FireEye iSIGHT Intelligence

Technology Integration

FireEye iSIGHT Intelligence is a proactive, forward-looking means of qualifying threats poised to disrupt your business based on the intents, tools and tactics of the attacker. Our high-fidelity, comprehensive intelligence delivers visibility beyond the typical attack lifecycle, adding context and priority to global threats before, during and after an attack. It helps mitigate risk, bolster incident response, and enhance your overall security ecosystem.

Flashpoint

Integration Partner

Flashpoint is a leading provider of threat intelligence and risk prevention solutions, offering comprehensive data and insights to help organizations identify and mitigate cyber and physical security threats. Their platform delivers actionable intelligence across various domains, including cyber threat intelligence, vulnerability management, and physical security, enabling clients to proactively address emerging risks and protect critical assets.

Flashpoint

Technology Integration

Flashpoint is the market leader in threat intelligence from the Deep and Dark Web. Flashpoint’s products illuminate threatening actors, relationships, behaviors, and networks.

FS-ISAC

Integration Partner

The Financial Services Information Sharing and Analysis Center is the global financial industry's go to resource for cyber and physical threat intelligence analysis and sharing. FS-ISAC operates as a member-owned non profit entity. EclecticIQ is an affiliate member.

FS-ISAC

Technology Integration

FS-ISAC leverages its intelligence platform, resiliency resources and a trusted peer-to-peer network of experts to anticipate, mitigate and respond to cyberthreats.

Global Resilience Federation (GRF)

Commercial Partner

GRF builds, develops and connects security information sharing communities. GRF is a provider and hub for cyber, supply chain, physical and geopolitical threat intelligence exchange between information sharing and analysis centers (ISACs), organizations (ISAOs) and computer emergency readiness/response teams (CERTs) from many different sectors and regions around the world.

Google Chronicle

Integration Partner

Google Security Operations SIEM is a cloud-based service built on Google's core infrastructure, enabling enterprises to securely retain, analyze, and search extensive security and network telemetry. It normalizes, indexes, correlates, and analyzes data to deliver real-time analysis and context on potential threats and risky activities.

GreyNoise

Technology Integration

GreyNoise helps security teams focus on threats that really matter, and ignore the ones that don’t. We collect, analyze and label data on IP addresses that scan and attack the entire internet, saturating security teams with alerts. This unique perspective helps analysts focus their time on targeted and emerging threats, and waste less time on irrelevant or harmless activity.

Group-IB

Integration Partner

Group-IB's Threat Intelligence Platform provides actionable insights into cyber threats, offering strategic, operational, and tactical intelligence. It helps organizations anticipate attacks, understand threat trends, and strengthen defenses. The platform integrates with security systems, automating workflows and delivering tailored reports.

Group-IB Threat Intelligence

Technology Integration

Group-IB is a global provider of security services and threat intelligence solutions with profound expertise providing the global security community insights into Russian-speaking cyber criminal groups and their tactics.

GTEL Information And Communication Technology Co., Ltd

Commercial Partner

GTEL is a state-owned enterprise under the Ministry of Public Security of Vietnam, established in 2007. GTEL specializes in telecommunications and information technology, offering services such as mobile communications through its Gmobile brand, IT solutions, and infrastructure services, with a focus on security and national defense.

Hail a TAXII

Technology Integration

Hail a TAXII.com is a repository of Open Source Cyber Threat Intelligence feeds in STIX format.

Hexillion CentralOps

Technology Integration

The Central Ops.net integration enables analysts to investigate domains and IP addresses. This enricher provides registrant information, DNS records and more. All the information is delivered all in one report; making it much quicker and easier for the analyst. Unlike the free service, this paid account means that there is no limit on the amount of times you need to access the tool.

Hybrid Analysis

Technology Integration

This is a free malware analysis service for the community that detects and analyzes unknown threats using a unique Hybrid Analysis technology.

IBM QRadar SIEM

Technology Integration

IBM QRadar SIEM consolidates log events and network flow data from thousands of devices, endpoints and applications distributed throughout a network. It normalizes and correlates raw data to identify security offenses, and uses an advanced Sense Analytics engine to baseline normal behavior, detect anomalies, uncover advanced threats, and remove false positives.

IBM QRadar SOAR

Technology Integration

IBM QRadar SOAR is the leading platform for orchestrating and automating incident response processes. IBM QRadar SOAR Platform quickly and easily integrates with your organization’s existing security and IT investments. It makes security alerts instantly actionable, provides valuable intelligence and incident context, and enables adaptive response to complex cyber threats. The latest innovation to IBM QRadar SOAR, Dynamic Playbooks, provides the agility, intelligence, and sophistication needed to contend with complex attacks.

IBM Security

Integration Partner

IBM Security offers one of the most advanced and integrated portfolios of enterprise security products and services. The portfolio, supported by world- renowned IBM Security X-Force® research, enables organizations to effectively manage risk and defend against emerging threats. IBM operates one of the world’s broadest security research, development and delivery organizations, monitors 150 billion+ security events per day in more than 130 countries, and has been granted more than 10,000 security patents worldwide.

Infoblox

Integration Partner

Infoblox's DDI solution integrates DNS, DHCP, and IP Address Management into a unified platform, streamlining network services across hybrid and multi-cloud environments. This integration enhances network reliability, simplifies management, and provides centralized control, enabling organizations to efficiently manage IP resources, automate workflows, and maintain consistent network operations.

Infoblox DNS, DHCP, AND IPAM (DDI)

Technology Integration

Infoblox DDI is a industry-leading, integrated, and centrally managed approach to delivering enterprise-grade DDI. It uses the patented Infoblox Grid ^TM technology to ensure high availability DNS, DHCP, and IPAM services throughout your distributed network. Infoblox DDI makes it easier for you to achieve higher levels service uptime, security, and operational efficiencies across diverse infrastructure, including on-prem, cloud and hybrid deployments.

Intel 471

Integration Partner

Intel 471 offers actor-centric intelligence collection designed for leading cyber threat intelligence teams. Their focus is on infiltrating and maintaining access to closed sources where threat actors collaborate, communicate, and plan attacks, providing unparalleled insights into adversary activities and threats.

Intel 471 Adversary Intelligence

Technology Integration

Intel 471 provides Adversary and Malware Intelligence for leading intelligence, security and fraud teams. Adversary Intelligence is focused on infiltrating and maintaining access to closed sources where threat actors collaborate, communicate and plan cyber-attacks. Malware Intelligence leverages our underground access to provide timely data and context on malware and adversary infrastructure.

Intel 471 Malware Intelligence

Technology Integration

Intel 471 provides Adversary and Malware Intelligence for leading intelligence, security and fraud teams. Adversary Intelligence is focused on infiltrating and maintaining access to closed sources where threat actors collaborate, communicate and plan cyber-attacks. Malware Intelligence leverages our underground access to provide timely data and context on malware and adversary infrastructure.

IntSights, now part of Rapid7, delivers best-in-class, cloud-native external threat detection, enhancing Rapid7’s industry-leading security operations platform to provide customers with comprehensive end-to-end threat detection, automation, and remediation for both external and internal threats.

IntSights Alerts

Technology Integration

The IntSights vision is to make external intelligence instantly accessible for organizations of any type or size by synthesizing complex signals captured from across the clear, deep, and dark web into contextualized, prioritized, and actionable intelligence.

Joe Sandbox

Technology Integration

Deep Malware Analysis for Windows, macOS, Linux, Android and iOS

Joe Security

Integration Partner

Joe Security specializes in advanced malware analysis tools, with its flagship product Joe Sandbox offering in-depth analysis of threats across Windows, macOS, Android, and Linux. It uses hybrid code analysis and other technologies to provide detailed threat insights.

Kaspersky

Integration Partner

Kaspersky's Threat Intelligence services provide organizations with comprehensive insights into cyber threats, enhancing their security posture. The offerings include Threat Data Feeds, Threat Lookup, Threat Analysis, Digital Footprint Intelligence, and APT Intelligence Reporting, all designed to deliver actionable intelligence throughout the incident management cycle. These services integrate seamlessly with existing security systems, enabling instant threat detection, analysis, and alert prioritization, thereby empowering organizations to make informed tactical and strategic decisions.

Kaspersky APT Intelligence Reporting

Technology Integration

Exclusive, proactive access to Kaspersky’s most recent investigations and insights, revealing the methods, tactics and tools used by APT actors in high-profile cyberespionage campaigns with cross-sector targeting. Information provided in these reports allows to improve threat hunting missions and develop effective security use cases for proactive defense.

Kaspersky Threat Data Feeds

Technology Integration

Context-rich and immediately actionable threat intelligence feeds containing information on suspicious and dangerous IPs, URLs and file hashes, enable efficient alert triage process while providing enough context to immediately identify alerts that need to be investigated or escalated to incident response team.

Kaspersky Threat Lookup

Technology Integration

All the knowledge acquired by Kaspersky about cyberthreats, legitimate objects and their various relationships, brought together into a single, powerful web service. Real-time search of many petabytes of threat relationship data enables highly effective incident investigations and threat hunting.

KPN

Commercial Partner

KPN offers a suitable solution for the greatest risks in the field of cyber security. KPN makes a distinction between preventive measures, detection measures, response measures and remedial measures.

Mandiant

Integration Partner

Mandiant is a leading American cybersecurity firm specializing in threat intelligence, incident response, and cybersecurity consulting services. Founded in 2004, the company provides in-depth analysis and remediation of advanced cyber threats, helping organizations protect themselves from evolving digital attacks. Known for its expertise in investigating high-profile breaches, Mandiant became part of Google Cloud in 2022, expanding its global impact on cybersecurity resilience

MaxMind GeoIP

Technology Integration

MaxMind an industry-leading provider of IP intelligence. EclecticIQ Platform users can leverage GeoIP databases to enrich and develop context on their IP feeds.

Micro Focus ArcSight

Integration Partner

Micro Focus ArcSight ESM identifies and prioritize threats in real time so you can respond and remediate quickly. Correlate security logs from multiple data feeds, improve the accuracy of security alerts with complex use cases, and uncover advanced cyber attacks that previously went undetected.

Micro Focus ArcSight ESM

Technology Integration

Micro Focus ArcSight ESM identifies and prioritize threats in real time so you can respond and remediate quickly. Correlate security logs from multiple data feeds, improve the accuracy of security alerts with complex use cases, and uncover advanced cyber attacks that previously went undetected.

Microsoft

Integration Partner

Microsoft is a leading technology company known for developing software, hardware, and cloud services. Its cybersecurity solutions include Microsoft Sentinel, a cloud-native SIEM and SOAR platform that provides intelligent security analytics and threat detection, and Microsoft Defender, a comprehensive suite offering threat protection for endpoints, identity, cloud, and more. Together, these products help organizations detect, prevent, and respond to cyber threats efficiently.

Microsoft Sentinel

Technology Integration

See and stop threats before they cause harm, with SIEM reinvented for a modern world. Microsoft Sentinel is your birds-eye view across the enterprise. Put the cloud and large-scale intelligence from decades of Microsoft security experience to work. Make your threat detection and response smarter and faster with artificial intelligence (AI). Eliminate security infrastructure setup and maintenance, and elastically scale to meet your security needs—while reducing IT costs.

MISP

Technology Integration

MISP is an open source platform that allows for easy IOC sharing among distinct organizations. With this MISP integration, threat analysts can ingest the IOCs they receive from MISP and apply their threat investigation and dissemination workflows right from EclecticIQ Platform. Download the Solutions Brief for more detailed information.

National Institute of Standards and Technology (NIST)

Integration Partner

The National Institute of Standards and Technology (NIST) is a non-regulatory federal agency within the U.S. Department of Commerce.

New Context

Commercial Partner

New Context is the security innovator for highly regulated industries. Our products and consulting services enable global leaders in energy, government and across the enterprise to prepare for security orchestration, building critical infrastructure that works with emerging technologies. New Context consultants work as high-value partners of customer security operations, building tools for CTI, security automation & orchestration and data governance.

NL Platform

Community Partner

NL Platform, EclecticIQ and more organizations have created a joint initiative between knowledge institutes and the Dutch government to assist Europe in advancing global cybersecurity ambitions together.

NSFOCUS

Integration Partner

NSFOCUS is a global cybersecurity company specializing in cloud security, DDoS protection, and web security solutions. With over 20 years of experience, they offer services such as Anti-DDoS systems, Web Application Firewalls, and Threat Intelligence to safeguard enterprises and service providers against evolving cyber threats. Their solutions are designed to enhance network security, ensure business continuity, and protect critical assets.

NSFocus

Technology Integration

The integration of NSFocus Global Intelligence includes both the feed and enricher. NSFocus Threat Intelligence, with its extensive sources, provides analysts with enricher information for IP addresses, Domains, CVEs and files. The NSFocus API allows analysts to work with the security event data as a feed. The cyber threat landscape in China is larger and more complex than anywhere else. With this integration, analysts have insight into world's largest numbers of Internet-connected devices and, vast numbers of Internet users.

NTT DATA Intellilink (NDI)

Commercial Partner

NTT DATA INTELLILINK as a platform technology leader in NTT DATA Group, offers consulting and systems integra­tion services delivered by the best pro­fessionals in IT industry across the globe. Our unique capabilities in system platform stack tightly coupled with NTT DATA's deep and broad industry exper­tise.

NVD (National Vulnerability Database)

Technology Integration

The NVD (National Vulnerability Database) Vulnerability Intelligence Feed retrieves CVEs (Common Vulnerability and Exploits) from the NVD CVE API. NVD offers this as a free service -- any customer can use this integration. This integration mainly supports vulnerability management use-cases in the platform.

Nxthop

Commercial Partner

NxtHop is a cybersecurity solutions distributor offering a comprehensive portfolio designed in line with the NIST security framework. Their services include fully automated penetration testing, adversary cyber emulation, and continuous security validation, all aimed at enhancing organizational resilience against cyber threats.

OASIS CTI Technical Committee

Community Partner

The OASIS Cyber Threat Intelligence (CTI) TC was chartered to define a set of information representations and protocols to address the need to model, analyze, and share cyber threat intelligence.

OpenPhish

Technology Integration

OpenPhish is dedicated to providing timely, accurate, and relevant Phishing Intelligence.

Palo Alto Networks

Integration Partner

Palo Alto Networks, the global cybersecurity leader, is shaping the cloud-centric future with technology that is transforming the way people and organizations operate. Our mission is to be the cybersecurity partner of choice, protecting our digital way of life. We help address the world's greatest security challenges with continuous innovation that seizes the latest breakthroughs in artificial intelligence, analytics, automation, and orchestration. By delivering an integrated platform and empowering a growing ecosystem of partners, we are at the forefront of protecting tens of thousands of organizations across clouds, networks, and mobile devices. Our vision is a world where each day is safer and more secure than the one before

Palo Alto Networks AutoFocus

Technology Integration

AutoFocus contextual threat intelligence brings speed, consistency and precision to threat investigation. It provides instant access to community-based threat data, enhanced with deep context and attribution from the Unit 42 threat research team, saving time and effort. Now teams can quickly investigate, correlate and pinpoint malware’s root cause without adding dedicated malware researchers or additional tools. Plus, automated protections make it simple to turn raw intelligence into protection across your environment.

Palo Alto Networks Cortex SOAR

Technology Integration

Cortex XSOAR helps simplify security operations by unifying automation, case management, real-time collaboration, and threat intelligence management. You can manage alerts across all sources, standardize processes with playbooks, take action on threat intelligence, and automate response options for virtually any use case to speed up investigations.

PCS Security

Commercial Partner

PCS Security is a Singapore-based solution provider with years of experience and accolades in providing secure, reliable and state-of-the-art security solutions to help our Customers address their security concerns. We deliver full turn-key solutions from design, integration, commissioning to post-implementation maintenance and support.

PhishTank

Technology Integration

PhishTank is a collaborative clearing house for data and information about phishing on the Internet. Also, PhishTank provides an open API for developers and researchers to integrate anti-phishing data into their applications at no charge.

Pink Elephant

Commercial Partner

Pink Elephant is a global leader in IT service management, offering over 40 years of expertise in training, consulting, managed IT support, and ITSM technology solutions. They specialize in connecting people, processes, and technology to enhance service delivery, reduce IT costs, and drive business growth

Proofpoint

Integration Partner

Proofpoint's Emerging Threat (ET) Intelligence provides timely and accurate threat intelligence feeds, enabling organizations to identify IP addresses and domains involved in suspicious or malicious activities. These feeds are based on behavior observed directly by Proofpoint ET Labs and can be integrated into various security tools, such as SIEMs, firewalls, and intrusion detection systems.

PT Artapala Telekomindo

Commercial Partner

PT. Artapala Telekomindo is an Indonesian IT company specializing in digital transformation solutions, offering products like interactive displays, video conferencing systems, and data communication. Partnering with brands like Infocus and Alcatel-Lucent, they focus on delivering tailored tech solutions for businesses.

Qualys

Integration Partner

Qualys is a comprehensive cloud-based solution that identifies vulnerabilities across all networked assets, including servers, network devices (e.g., routers, switches, firewalls), peripherals (e.g., IP-based printers, fax machines), and workstations. It can effectively assess any device with an IP address to ensure robust security coverage.

Qualys

Technology Integration

With VMDR, enterprises are empowered with visibility and insight into cyber risk exposure - making it easy to prioritize vulnerabilities, assets, or groups of assets based on business risk. Security teams can take action to mitigate risk, helping the business measure its true risk, and track risk reduction over time.

Recorded Future

Integration Partner

The Recorded Future integration provides both a feed and enricher capabilities. With the feed, users have access to the Recorded Future Risk List which includes IP and file hashes, for example. The results are provided in standard STIX/TAXII protocols including TTPs and Indicators. The enricher allows users to query Domains, hashes, URLs and IP addresses.

Recorded Future

Technology Integration

The Recorded Future integration provides both a feed and enricher capabilities. With the feed, users have access to the Recorded Future Risk List which includes IP and file hashes, for example. The results are provided in standard STIX/TAXII protocols including TTPs and Indicators. The enricher allows users to query Domains, hashes, URLs and IP addresses.

ReliaQuest

Integration Partner

ReliaQuest is a cybersecurity company that acquired Digital Shadows, a threat intelligence firm, in June 2022. This acquisition combined ReliaQuest's detection and response capabilities with Digital Shadows' digital risk and threat intelligence technology, enhancing their security operations platform

RIPE NCC

Integration Partner

RIPE NCC is a not-for-profit Regional Internet Registry for Europe, the Middle East, and parts of Central Asia. It allocates IP resources and provides services like RIPEstat, a platform offering data and analytics on Internet resources, routing, and DNS.

RIPEstat

Technology Integration

RIPEstat provides everything you ever wanted to know about IP address space, Autonomous System Numbers (ASNs), and related information for hostnames and countries in one place.

RiskIQ

Integration Partner

RiskIQ, now part of Microsoft, specializes in digital threat management, offering comprehensive solutions for discovering, analyzing, and mitigating threats to an organization's digital presence. Their platform provides unified insights into web, social, and mobile exposures, enabling enterprises to understand their digital attack surfaces, assess risks, and take protective actions.

RiskIQ PassiveTotal

Technology Integration

RiskIQ PassiveTotal overcomes the challenges in discovering and proactively blocking malicious infrastructure. Using innovative techniques and research processes, PassiveTotal provides analysts with a single view into all the data they need.

Security Delta (HSD)

Community Partner

Security Delta (HSD) is the Dutch security cluster. Over 275 companies, governmental organisations and knowledge institutions have been working together since 2014 to make a difference in securing our digitising society.

ServiceNow

Integration Partner

ServiceNow Security Incident Response, a security orchestration and automation response (SOAR) solution, helps you rapidly respond to evolving threats while optimizing and orchestrating enterprise security operations. Security Incident Response eliminates the errors and friction natural to manual handoffs across systems, teams and responsibilities.

ServiceNow

Technology Integration

The ServiceNow® Threat Intelligence application enables you to find indicators of compromise (IoC) and enrich security incidents with threat intelligence data.

Shodan

Technology Integration

Shodan is the world's first search engine for Internet-connected devices. The Shodan enricher takes a wealth of input observable types to help you discover which of your devices are connected to the Internet, where they are located, and who is using them.

Silobreaker

Integration Partner

Silobreaker helps business, security and intelligence professionals make sense of the overwhelming amount of unstructured data on the web. By providing powerful tools and visualisations that cut through the noise and analyse data from hundreds of thousands of open sources, Silobreaker makes it easy for users to monitor and research threats or opportunities.

Silobreaker

Technology Integration

Silobreaker helps business, security and intelligence professionals make sense of the overwhelming amount of unstructured data on the web. By providing powerful tools and visualisations that cut through the noise and analyse data from hundreds of thousands of open sources, Silobreaker makes it easy for users to monitor and research threats or opportunities.

SoftwareONE

Commercial Partner

SoftwareONE is a leading global provider of end-to-end software and cloud technology solutions. It enables commercial, technology and digital transformations using IP and technology-driven services. Clients can modernize applications and migrate critical workloads on public clouds while optimizing their related software and cloud assets and licensing in parallel.

Splunk

Integration Partner

Splunk empowers observability, IT, and security teams to enhance organizational security, resilience, and innovation through its open, extensible data platform. Founded in 2003, Splunk supports seamless data sharing across environments, providing comprehensive visibility and context for all business processes.

Splunk Enterprise Security

Technology Integration

* Operational Intelligence optimizes your IT, security and business performance * Collect operational data (including logs, clickstreams, sensors, stream network traffic, web servers, custom applications, hypervisors, containers, social media and cloud services) * Search, monitor and analyze data to discover powerful insights for security and IT operations. * Understand trends, patterns of activity and behavior to make more informed decision

Splunk SOAR

Technology Integration

Splunk SOAR is a leading Security Orchestration, Automation, and Response (SOAR) Platform. It integrates your team, processes, and tools together. With Splunk SOAR, you’re able to work smarter, respond faster, and strengthen your defenses.

SpyCloud

Integration Partner

SpyCloud is a cybersecurity firm specializing in automated identity threat protection, leveraging data from the criminal underground to prevent ransomware, account takeover, and other targeted attacks. Their solutions help organizations check their exposure, protect digital identities, and unmask threat actors.

SpyCloud

Technology Integration

The SpyCloud integration feed helps users protect employees and customers. It provides information which can prevent account take over, fraud, IP theft and brand damage. The feed alerts users when an employee's or company's assets have been compromised.

ST Engineering

Commercial Partner

ST Engineering provides comprehensive cybersecurity solutions to protect IT, OT, and cloud infrastructures. Their services include managed detection, response, and risk assessment, specializing in secure network operations, system engineering, and advanced cyber capabilities tailored for industries worldwide.

Sumo Logic

Integration Partner

Sumo Logic empowers the people who power modern, digital business through its Continuous Intelligence Platform™. Practitioners and developers around the world rely on Sumo Logic to gain real-time analytics and insights from their cloud-native applications, helping them ensure application reliability, secure and protect against modern security threats, and gain insights into their cloud infrastructures.

Sumo Logic Cloud SIEM

Technology Integration

Sumo Logic Cloud SIEM provides security analysts and SOC managers with enhanced visibility across the enterprise to thoroughly understand the scope and context of an attack. Automated parsing, mapping and normalization of records from your structured and unstructured data is correlated in real time to detect threats, enabling streamlined SOC workflows designed to detect known and unknown threats faster. Configurable as a custom integration.

Sumo Logic Cloud SOAR

Technology Integration

Automate real-time threat investigation, incident management and threat response while reducing false positives and analyst fatigue with Sumo Logic Cloud SOAR. Leverage hundreds of pre-built integrations with leading third-party threat intelligence vendors to help secure operations, automate incident response and reduce time to remediation. Configurable as a custom integration.

Symantec DeepSight Intelligence Datafeeds

Technology Integration

Leveraging the extensive Symantec Global Intelligence Network, this integration feed allows users to collect raw intelligence data making it available within EclecticIQ Platform. The feed provides a broad range of insights, covering reputation and threat intelligence data for IP, URLs, attacks, bots, cnc, malware, fraud, and phishing.

Syntx

Commercial Partner

Syntx is a knowledge-based cyber security startup, formed by a local group of information technology and cyber security specialist. Syntx is supported by its trusted network of technology partners and service providers that works in collaboration with shared and clear vision of addressing the needs as well as challenges of our customers.

TeamT5

Commercial Partner

TeamT5 is a Taiwan-based cybersecurity firm specializing in cyber threat intelligence and advanced persistent threat (APT) research. They offer services like malware analysis, incident response, and threat hunting, focusing on the Asia-Pacific region.

TechLab Security

Commercial Partner

TechLab Security, established in Kuala Lumpur in 2008, is a leading enterprise systems integrator and solutions provider specializing in cybersecurity. They offer a comprehensive suite of services, including email, mobile, network, endpoint, and system security, as well as SIEM and database security, to help organizations detect, respond to, and prevent cyberattacks

The National Cyber-Forensics and Training Alliance (NCFTA)

Technology Integration

The NCFTA was created by industry, academia, and law enforcement for the sole purpose of establishing a neutral, trusted environment that enables two-way information sharing with the ultimate goal to identify, mitigate, disrupt, and neutralize cyber threats.

Threat Crowd

Technology Integration

ThreatCrowd is an Open Source system for finding and researching artefacts relating to cyber threats, utilizing information obtained by crawling various Open Source resources, including VirusTotal and Malwr.ThreatCrowd is an Open Source system for finding and researching artefacts relating to cyber threats, utilizing information obtained by crawling various Open Source resources, including VirusTotal and Malwr.r

Trusted Cyber Security Solutions (TCSS)

Commercial Partner

TCSS is a cybersecurity firm dedicated to enhancing digital resilience by offering comprehensive services such as Security Operations Center (SOC) solutions, security training, and a state-of-the-art cyber range for simulating real-world threats. They also provide support for NIS2 compliance, cyber threat intelligence, operational technology (OT) security, and application security, aiming to reduce business risks and improve clients' cybersecurity posture

Viettel Cyber Security (VCS)

Commercial Partner

Viettel Cyber Security (VCS), a subsidiary of Viettel Group, specializes in comprehensive cybersecurity solutions, including 24/7 Security Operations Center (SOC) monitoring, penetration testing, threat intelligence, and vulnerability assessments. Recognized as the "Best Cyber Security Company in Asia" for two consecutive years, VCS has also achieved CREST accreditation for its penetration testing services and SOC, underscoring its commitment to high-quality cybersecurity standards

Vigilante

Technology Integration

Vigilante is a global threat hunting and dark web cyber intelligence research team, delivering a combination of vast, unique human intelligence and automation that is targeted for each client to help them identify their biggest risks and defend against the most sophisticated adversaries.

VirusTotal

Technology Integration

With VirusTotal users can analyze suspicious files and URLs. It facilitates the quick identification of viruses, worms, trojans and all kinds of malware. Integrating VirusTotal means that users don’t need to leave EclecticIQ Platform – everything is at your fingertips which saves time and minimizes the number of tools open at once. The integration supports the premium service for feeds and enrichers; plus, the free service for enrichers. VirusTotal helps users by providing more condensed, ingestible and corroborable information.

VMRay

Integration Partner

VMRay specializes in advanced threat analysis, focusing on detecting and analyzing sophisticated malware and phishing attacks. Their solutions help automate security operations and enhance incident response, serving enterprises, government agencies, and security providers. Based in Germany, VMRay aims to strengthen organizations' resilience against evolving cyber threats.

VMRay

Technology Integration

Surmounting the persistent shortcomings of other DFIR tools, VMRay delivers rapid detection results and in-depth analysis reports without compromising performance or security. VMRay flexibly integrates with other systems, automating the submission of files and URLs for analysis. Precise, actionable results are returned that drive block/allow decisions and other security measures across the enterprise.

Webroot

Technology Integration

Webroot, an OpenText company, was the first to harness the cloud and artificial intelligence to stop zero-day threats in real time. Webroot secures businesses and individuals worldwide with threat intelligence and protection for endpoints and networks.

WHITEBIT

Commercial Partner

WhiteBIT is a European-based centralized cryptocurrency exchange offering a secure platform for trading digital assets. Users can engage in spot, margin, and futures trading, access crypto lending services, and benefit from low trading fees, all while enjoying robust security measures.

Zscaler

Technology Integration

Zscaler accelerates digital transformation so that customers can be more agile and secure. The Zscaler Zero Trust Exchange, a SASE-based platform, is the world’s largest inline cloud security platform, protecting thousands of customers from cyberattacks and data loss by securely connecting users, devices, and applications over any network. Zscaler integrates with EclecticIQ by consuming high-confidence indicators to enforce real-time policies and ensure all users get complete protection from emerging threats and targeted attacks.