Group-IB Threat Intelligence is a system for analyzing and attributing cyberattacks, threat hunting, and protecting network infrastructure based on data relating to adversary tactics, tools and activity. Read more on the Group-IB website: https://www.group-ib.com/products/threat-intelligence.
Threat Intelligence (TI) combines unique data sources and experience in investigating high-tech crimes and responding to complex multi-stage attacks worldwide. The system stores data on threat actors and related infrastructures collected since 2003, including those that criminals attempted to wipe out. This application integrates Threat Intelligence with Splunk SIEM to consume TI feeds and support pivoting.
This Splunk integration allows you to:
- Import and process Threat Intelligence feeds directly into Splunk
- Search and correlate IoCs from Group-IB collections
- Enrich internal alerts with external intelligence
To use the integration, you must have an active Group-IB Threat Intelligence license and API access.
Categories
Security, Fraud & Compliance, Threat Intel
Created By
Pavel Shepetina