What’s TheHive? A 4-IN-1 SECURITY INCIDENT RESPONSE PLATFORM.

A scalable and collaborative Security Incident Response Platform, tightly integrated with MISP (Malware Information Sharing Platform), designed to make life easier for SOCs, CSIRTs, CERTs and any information security practitioner dealing with security incidents that need to be investigated and acted upon swiftly.

Features

Alert management

Go through your dedicated and detailed Alert page, make comments, identify similar Alerts, define custom statuses and fields. Then decide whether or not they should be escalated to investigations or to incident response.

Collaborate

Thanks to the built-in live stream, real-time information pertaining to new or existing cases, tasks, observables and IOCs is available to all team members, allowing multiple SOC and CERT analysts to collaborate on investigations simultaneously. Special notifications allow your team to handle or assign new tasks, and preview new MISP events and alerts from multiple sources such as email reports, CTI providers and logs.

Elaborate

Cases and associated tasks can be created using a simple yet powerful template engine. You can add metrics and custom fields to your templates to drive your team's activity, identify the type of investigations that take significant time, and also automate tedious tasks through dynamic dashboards. Analysts can record their progress, attach critical pieces of evidence or noteworthy files, add tags and import password-protected ZIP archives containing malware or suspicious data without needing to open them.

Act

Add up to thousands of observables to each case that you create, or import them directly from a MISP event or any alert sent to the platform. Quickly triage and filter them. Harness the power of Cortex and its analyzers and responders to gain precious insight, speed up your investigation and contain threats. Leverage tags, flag IOCs and sightings, and identify previously seen observables to feed your threat intelligence. Once investigations are completed, export IOCs to as many MISP instances as you'd like.

Can I still use TheHive 3 and 4 for Free?

Can I use the Community Edition for Free?

Can I have a trial or the Platinum Edition?

I have a TheHive 3 instance, is there a possible migration?

I have a TheHive 4 instance, how can I upgrade it?

Does TheHive 5 support multiple languages?