2020-12-31T16:06:00Z

Is there a common threat intelligence tool that aggregates multiple threat intelligence sources?


I'm looking for a threat intelligence tool that can aggregate multiple threat intelligence sources. Is this type of tool available? If so, how much do these services cost?


There are two approaches to answer your needs. You can either select:

1. SIEM / SOC Platform that could ingest more than 1 TI feed service

2. Threat Intelligence Platform

If you are looking to simply integrate the TI sources into one single centralized system, for instance a SIEM, you would choose option 1 because it will be investment effective.

LogRhythm, QRadar, Stellar Cyber, Splunk and AlienVault are amongst the tools to go for.

If you are looking to integrate to more than 1 target system inside your organization, go for a centralized Threat Intelligence Platform. The best one in the market is no doubt the Anomali Threat Intelligence Platform, while ThreatQuotient and EclecticIQ still have to catch up a lot. The benefit of using the Anomali Threat Intelligence Platform, for example, is that you can actually manage multiple integrations to target systems such as SIEM, SOC Platform, NGFW, IPS, and others. This platform will provide you with great simplicity for an organization which is reasonably large with multiple cybersecurity solutions.

Be wary: a Threat Intelligence Platform is not investment friendly, as its cost could be unjustified if you can't consider all the benefits it provides. With a TIP, you are expected to manage Threat Intelligence actively inside your organization, selecting and making the most out of all the TI feed services out there (community, freemium and premium services). You would need a team of dedicated CTI Analysts to benefit from the use of a Threat Intelligence Platform - otherwise it will be a waste of time and investment.

At the end of the day, you could also opt for an open source STIX / TAXII client as a more cost-effective alternative solution, depending on your requirement complexity and budgets.

2021-06-02T14:15:26Z
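As an added example (not code from this thread or from any product named above), here is a small Python aggregator for the open source STIX / TAXII route mentioned at the end of the answer: it merges indicators from several STIX 2.1 bundles, records which feed reported each one, keeps the highest confidence seen, and drops revoked or compound-pattern entries. The feed names, bundle contents and helper functions are all constructed for illustration.

```python
import re
# Hypothetical helper: merges indicators from several STIX 2.1 bundles (as a
# TAXII client would fetch them) into one deduplicated list a SIEM could ingest.
# Only the simple pattern form [type:property = 'value'] is handled; compound
# (AND/OR) patterns and properties with quoted keys are skipped on purpose.
SIMPLE_PATTERN = re.compile(
    r"^\[(?P<obj>[\w-]+):(?P<prop>[\w.]+)\s*=\s*'(?P<val>[^']*)'\]$")

def parse_indicator(obj):
    """Return (object_type, property, value) for a usable indicator, else None."""
    if obj.get("type") != "indicator" or obj.get("revoked", False):
        return None
    m = SIMPLE_PATTERN.match(obj.get("pattern", ""))
    return (m.group("obj"), m.group("prop"), m.group("val")) if m else None

def aggregate(feeds):
    """feeds: {feed name: STIX bundle dict} -> {key: {sources, confidence, labels}}."""
    merged = {}
    for feed_name, bundle in feeds.items():
        for obj in bundle.get("objects", []):
            key = parse_indicator(obj)
            if key is None:
                continue  # non-indicator object, revoked, or unsupported pattern
            e = merged.setdefault(key, {"sources": set(), "confidence": 0, "labels": set()})
            e["sources"].add(feed_name)
            e["confidence"] = max(e["confidence"], obj.get("confidence", 0))
            e["labels"].update(obj.get("labels", []))
    return merged

def to_siem_rows(merged, min_sources=1):
    """Flatten to rows; min_sources > 1 keeps only indicators corroborated by several feeds."""
    return [{"ioc_type": f"{o}:{p}", "value": v, "sources": sorted(e["sources"]),
             "confidence": e["confidence"], "labels": sorted(e["labels"])}
            for (o, p, v), e in sorted(merged.items()) if len(e["sources"]) >= min_sources]

# Constructed sample bundles (documentation-range IP and example domains, not real IoCs).
FEED_A = {"type": "bundle", "id": "bundle--feed-a", "objects": [
    {"type": "indicator", "id": "indicator--a1", "pattern_type": "stix", "confidence": 60,
     "pattern": "[ipv4-addr:value = '203.0.113.10']", "labels": ["malicious-activity"]},
    {"type": "indicator", "id": "indicator--a2", "pattern_type": "stix", "confidence": 80,
     "pattern": "[domain-name:value = 'c2.example']", "labels": ["malicious-activity"]}]}
FEED_B = {"type": "bundle", "id": "bundle--feed-b", "objects": [
    {"type": "indicator", "id": "indicator--b1", "pattern_type": "stix", "confidence": 90,
     "pattern": "[ipv4-addr:value = '203.0.113.10']", "labels": ["anomalous-activity"]},
    {"type": "indicator", "id": "indicator--b2", "pattern_type": "stix", "revoked": True,
     "pattern": "[domain-name:value = 'old.example']"},
    {"type": "indicator", "id": "indicator--b3", "pattern_type": "stix",
     "pattern": "[url:value = 'http://x.example/a' AND domain-name:value = 'x.example']"}]}

if __name__ == "__main__":
    for row in to_siem_rows(aggregate({"feed-a": FEED_A, "feed-b": FEED_B}), min_sources=2):
        print(row)
```

Setting `min_sources=2` is one cheap way to surface only indicators corroborated by more than one feed before they reach the SIEM.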

Yes, Azure Sentinel is a SIEM on the Cloud. Multiple data sources can be uploaded and analyzed with Azure Sentinel and its Threat Hunting functionality, with AI available as templates or customized by each customer. The cost of the tool is based on the amount of data to be imported (Microsoft 365 and Azure are free) and on the data retention time. Example: Azure Sentinel Pricing | Microsoft Azure

2021-01-01T21:53:15Z

thanks

2021-01-05T17:50:05Z

Azure Sentinel SIEM and I think ArcSight SIEM too.

2021-01-04T05:00:40Z