IT Security Guru

DomainTools supports the open-source security community and its customers with new TheHive and Cortex integration capabilities

Users will be able to access DNS threat investigation and intelligence, rich datasets and contextual enrichment for Indicators of Compromise (IOC)

by Sabina
March 31, 2020
in Hacking, Threat Detection

The success of open-source and collaborative projects depends on the community that supports them. A development model driven by a shared goal has consistently produced invaluable tools for the IT and IT security industries.

Guided by the common goal of making the internet a little more secure and helping users hunt unknown malicious infrastructure, DomainTools has announced that it will integrate its Iris tool with the TheHive and Cortex platforms. The open-source community will have access to DNS threat investigation and intelligence, rich datasets and contextual enrichment for Indicators of Compromise (IOCs).

What are TheHive and Cortex?

TheHive is a scalable open-source solution built for SOCs, Cyber Security Incident Response Teams (CSIRTs), Computer Emergency Response Teams (CERTs) and any information security practitioner and allows them to investigate security incidents efficiently. Collaboration across the incident management phases and functions is at the heart of the platform. Cases can be created for every investigation either manually or automatically using templates which can vary based on the type of investigations.

Cortex is our standalone analysis engine and a perfect companion for TheHive. TheHive speaks natively to Cortex via REST API to perform quick assessments of observables.

Together, the two platforms can be a significant time-saver and take away some of the tedious tasks associated with incident handling. Using the Analyze functionality, analysts can add and investigate a single observable or thousands of observables associated with the case. Finally, the good old practices of associating TLP and source tags are also baked into the platform.

(Descriptions courtesy of the TheHive and Cortex project)

Over the past three years the TheHive project has matured, and more and more enterprises have adopted it as part of their SOC, CSIRT or CERT tooling. TheHive and Cortex enable users to streamline security incident management, automate threat intelligence analysis and perform digital forensics.

By enriching observables within TheHive and Cortex, users can now utilise DomainTools Iris intelligence to add value to their incident management workflow. In this way, DNS threat context will be available in a single toolset, without the need to access it via upstream systems. Through the point-and-click TheHive interface, users will now be able to access the rich DomainTools domain and DNS intelligence, Domain Risk Score, and supporting evidence. 

Enriched Observables

TheHive and Cortex users will benefit from this integration in a number of ways, but the key element is improved context for investigations. They will now have access to additional insights, including Whois data, which can provide key information about domain ownership, as well as the DomainTools Domain Risk Score, which enables faster triage based on the type of risk the domain represents.

While enriching the observables, DomainTools persists the enrichment data in observable reports within an incident. This lets users review the enriched dataset conveniently, including DomainTools Guided Pivots, to further their investigations.

Artifacts whose Guided Pivot count falls below a threshold configured by the organisation are visually highlighted for convenience: an attribute shared with only a small number of other domains is a far more selective pivot than one shared with hundreds of thousands. Users can add these artifacts to the case as candidate points for pivoting and reversing.

This enables an analyst to investigate the incident without context switching across multiple tools. Further, the enrichment data stored inside the incident forms a reliable record for reporting and reconciliation. And whenever an analyst needs to dive into the DomainTools investigation platform, they can launch it from within the observable report without losing their place in the investigation.

What about the connected infrastructure?

When profiling a single DNS artifact isn't sufficient, the integration with the DomainTools Iris pivot analyser will allow TheHive and Cortex users to see what is connected to the domain observable, gaining insight into more detailed associations in order to build a more accurate picture of the infrastructure surrounding a domain. Associated IP addresses, SSL certificate hashes and registrant email addresses can now be pivoted on to retrieve associated IOCs. Moreover, the Guided Pivot analytics will assist IT security practitioners in choosing which attributes to pivot on, and the Guided Pivot counts can suggest an investigation path on their own.

Viable Guided Pivots will be flagged during observable enrichment, effectively allowing users to discover IOCs that would otherwise have gone undetected. To further consolidate intelligence and map forensics, users will have access to DomainTools analytics such as domain age and Domain Risk Score, which narrow down the list of target IOCs to be imported into the platform. MISP users will also be able to link the two instances and create a case automatically from a MISP event.
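As an added illustration, and not code from DomainTools or the TheHive project, the following Python sketches the decision logic an enrichment analyzer of this kind performs for the Guided Pivot thresholding and Risk Score triage described above. It follows the Cortex analyzer contract as understood here (a JSON job on stdin, a JSON report with `summary`, `full` and `artifacts` on stdout), maps the Domain Risk Score onto Cortex taxonomy levels, keeps only pivot attributes whose connected-domain count falls below the configured threshold, and emits those as artifacts that TheHive could import back into the case. The Iris field names, the sample enrichment data, the score cut-offs and the default pivot threshold of 500 are all assumptions made for the example; no network calls are made.

```python
from __future__ import annotations

import json
import sys
from datetime import date
from typing import Any

# Constructed sample data standing in for a DomainTools Iris lookup. The field
# names are assumptions for illustration, not the real Iris API schema.
SAMPLE_IRIS_DATA: dict[str, dict[str, Any]] = {
    "example-bad.test": {
        "risk_score": 87,
        "create_date": "2020-03-02",
        "pivots": {
            "ip": {"value": "203.0.113.7", "count": 12},
            "ssl_hash": {"value": "3f786850e387550fdab836ed7e6dc881de23001b", "count": 3},
            "registrant_email": {"value": "reg@mailer.test", "count": 2},
            "name_server": {"value": "ns1.bighost.test", "count": 450000},
        },
    },
    "example-ok.test": {
        "risk_score": 4,
        "create_date": "2009-06-15",
        "pivots": {
            "ip": {"value": "198.51.100.20", "count": 80000},
            "name_server": {"value": "ns1.bighost.test", "count": 450000},
        },
    },
}

# Pivot attribute -> TheHive observable dataType, so flagged pivots can be
# pushed back into the case as new observables.
PIVOT_DATATYPE = {"ip": "ip", "ssl_hash": "hash", "registrant_email": "mail", "name_server": "fqdn"}

DEFAULT_PIVOT_THRESHOLD = 500  # assumed organisation-configured limit


def iris_lookup(domain: str) -> dict[str, Any] | None:
    """Stand-in for the Iris API call; returns the constructed sample data."""
    return SAMPLE_IRIS_DATA.get(domain)


def risk_level(score: int) -> str:
    """Map a 0-100 Domain Risk Score onto Cortex taxonomy levels (cut-offs assumed)."""
    if score >= 70:
        return "malicious"
    if score >= 30:
        return "suspicious"
    return "safe"


def guided_pivots(pivots: dict[str, dict[str, Any]], threshold: int) -> dict[str, dict[str, Any]]:
    """Keep pivots whose connected-domain count is below the threshold: an attribute
    shared by only a few domains is a selective pivot, one shared by many is noise."""
    return {name: p for name, p in pivots.items() if p["count"] < threshold}


def analyze(job: dict[str, Any], today: str | None = None) -> dict[str, Any]:
    """Turn a Cortex job ({data, dataType, config}) into a Cortex-style report."""
    if job.get("dataType") != "domain":
        return {"success": False, "errorMessage": f"unsupported dataType {job.get('dataType')!r}"}
    domain = job["data"]
    threshold = int(job.get("config", {}).get("pivot_threshold", DEFAULT_PIVOT_THRESHOLD))
    data = iris_lookup(domain)
    if data is None:
        return {"success": False, "errorMessage": f"no Iris data for {domain}"}

    ref = date.fromisoformat(today) if today else date.today()
    age_days = (ref - date.fromisoformat(data["create_date"])).days
    level = risk_level(data["risk_score"])
    flagged = guided_pivots(data["pivots"], threshold)

    # Short summary shown on the observable in TheHive; the level drives triage colour.
    taxonomies = [
        {"level": level, "namespace": "DomainTools", "predicate": "RiskScore", "value": str(data["risk_score"])},
        {"level": "info", "namespace": "DomainTools", "predicate": "AgeDays", "value": str(age_days)},
        {"level": "info", "namespace": "DomainTools", "predicate": "GuidedPivots", "value": str(len(flagged))},
    ]
    # Only the selective pivots become importable observables; the count is kept as a tag.
    artifacts = [
        {"dataType": PIVOT_DATATYPE[name], "data": p["value"], "tags": [f"pivot:{name}", f"count:{p['count']}"]}
        for name, p in flagged.items()
    ]
    return {
        "success": True,
        "summary": {"taxonomies": taxonomies},
        "full": {"domain": domain, "risk_score": data["risk_score"], "age_days": age_days,
                 "pivot_threshold": threshold, "guided_pivots": flagged, "all_pivots": data["pivots"]},
        "artifacts": artifacts,
    }


if __name__ == "__main__":
    # Cortex hands the job to the analyzer on stdin and reads the report from stdout.
    json.dump(analyze(json.load(sys.stdin)), sys.stdout, indent=2)
```

Run it as `echo '{"data":"example-bad.test","dataType":"domain","config":{"pivot_threshold":500}}' | python3 analyzer.py`: the bad domain comes back `malicious` with three artifacts (the IP, certificate hash and registrant email), while the shared name server with 450,000 connected domains is left out because it would only lead the analyst into a sea of unrelated infrastructure.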

Overall, automating incident handling procedures through pivots on key domain attributes, as enabled by this integration of DomainTools Iris with TheHive and Cortex, will reduce the time IT security teams have to spend investigating and triaging across multiple tools.

In today's ever-growing and increasingly complex threat landscape, it is more important than ever that organisations collaborate effectively in ways such as this. Increasing visibility and providing security teams and researchers with enriched data is one of the key things that will help us take the fight to cybercriminals.

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic