Anomali | ThreatStream

Type: TIP

Anomali ThreatStream combines threat intelligence, big data management, and machine learning to provide security teams with tools and insights for rapid threat detection, analysis, and response. 

The Anomali Threat Platform connects Flashpoint’s finished intelligence with existing security solutions so Anomali customers can gain visibility into industry-specific threats and threat actors.

Supported Datasets: Technical Indicators, Reports, Alerting, Compromised Credentials, Vulnerabilities

Cortex XSOAR

Type: SOAR

Cortex XSOAR unifies case management, automation, real-time collaboration, and threat intelligence management to help security teams improve efficiency and standardize incident response processes. 

XSOAR users can access and integrate Flashpoint’s data and finished intelligence with their existing workflows and automated tools to enhance their threat intelligence capabilities and streamline incident response processes.

Supported Datasets: Technical Indicators, Reports, Alerting, Communities, Chats, Marketplaces, Vulnerabilities

Cyware

Type: SOAR

Cyware provides a comprehensive platform for threat intelligence management, security orchestration and automation, and collaborative threat response, enabling organizations to build cyber fusion centers and enhance their overall security posture.

The Cyware Flashpoint integration provides critical external threat insight for security teams of all sizes and maturities in a centralized location to more quickly and efficiently identify and respond to emerging threats targeting their organizations.

Supported Datasets: Technical Indicators, Reports, Communities, Chats, Marketplaces, Compromised Credentials

IBM QRadar

Type: SIEM

IBM QRadar collects and analyzes log data and network flows across an organization’s IT infrastructure to detect, prioritize, and respond to security threats in real time.

With the ‘Flashpoint for QRadar’ app, QRadar customers have visibility into illicit online communities to correlate information related to their infrastructure and can be notified when indicators from internal log data match with Flashpoint intelligence.

Supported Datasets: Technical Indicators, Reports

Maltego

Type: Analysis

Maltego is an investigation platform that accelerates complex cyber investigations by enabling users to gather, analyze, and visualize data from diverse sources to uncover relationships and patterns between entities like domains, IP addresses, and social media profiles.

With Flashpoint’s Maltego Transforms, investigators can incorporate Flashpoint data into Maltego workflows to obtain actionable intelligence, mitigate risk, and combat threats and adversaries.

Supported Datasets: Technical Indicators, Reports, Communities, Chats, Marketplaces, Compromised Credentials, Alerting

Polarity

Type: Analysis

Polarity is a free-floating overlay platform that automatically searches unlimited sources in parallel to augment data and information from existing applications, accelerating analysis by enriching every tool and workflow.

Polarity users can leverage the Flashpoint integration for threat analysis, threat hunting, and malware analysis by correlating information from Flashpoint 

Polarity users can leverage Flashpoint data for real-time context and insights on indicators like IP addresses, domains, file hashes, and CVEs directly within their existing workflows, enabling faster triage and more informed decision-making.

Supported Datasets: Technical Indicators, Reports, Vulnerabilities

ServiceNow

Type: SOAR

ServiceNow is a cloud-based workflow automation platform that enhances operational efficiencies across enterprise organizations by streamlining and automating various business functions. 

ServiceNow users can access and integrate Flashpoint’s data and finished intelligence with their existing workflows and automated tools to enhance their threat intelligence capabilities and streamline incident response processes.

Supported Datasets: Technical Indicators, Reports, Communities, Chats, Marketplaces, Alerting, Vulnerabilities

Silobreaker

Type: TIP

Silobreaker aggregates and analyzes data from millions of sources across 17 languages to provide actionable insights for cyber threat intelligence, geopolitical risk assessment, and strategic decision-making.

Correlating Flashpoint’s data with Silobreaker’s surface web sources and powerful analytical tools gives customers the visibility and context needed to efficiently assess trends and combat threats to their operations.

Supported Datasets: Card Fraud, Reports, Communities, Chats, Marketplaces, Compromised Credentials

Splunk

Type: SIEM

Splunk is a data platform that enables organizations to collect, search, analyze, and visualize machine-generated data. 

With the Flashpoint Splunk app and add-on, Splunk users are notified when internal log data indicators correspond with Flashpoint intelligence, enabling them to prioritize their response.

Supported Datasets: Communities, Chats, Marketplaces, Alerting, Compromised Credentials, Vulnerabilities

Splunk | Phantom

Type: SIEM/SOAR

Splunk Phantom integrates with over 300 security tools to automate repetitive tasks, streamline incident response workflows, and enable security teams to investigate and remediate threats more quickly and efficiently.

The Flashpoint Splunk Phantom integration facilitates easy access to Flashpoint data and intelligence with associated context specifically for Splunk Phantom users. Flashpoint datasets enrich internal data, assisting security teams to automate tasks, orchestrate workflows, and support a broad range of SOC functions.

Supported Datasets: Technical Indicators, Reports, Communities, Chats, Marketplaces, Compromised Credentials, Alerting

ThreatConnect

Type: TIP

ThreatConnect enables organizations to aggregate, analyze, and operationalize threat data for enhanced security and risk management. 

Flashpoint complements ThreatConnect with intelligence reports and Indicators of Compromise (IoCs) so customers can associate incidents with indicators and gain helpful context like MITRE ATT&CK tags and scoring.

Supported Datasets: Technical Indicators, Reports

ThreatQuotient | ThreatQ

Type: TIP

ThreatQ combines, normalizes, and contextualizes threat data from external and internal sources into a Threat library used across the organization.

The ThreatQ and Flashpoint integration offers access to an extensive range of datasets to provide a “state of the threat” landscape to assist security personnel in developing and prioritizing intelligence on emerging threats.

Supported Datasets: Technical Indicators, Card Fraud, Reports, Communities, Chats, Marketplaces, Compromised Credentials, Alerting, Vulnerabilities

Vertex | Synapse

Type: Analysis

Vertex Synapse is a comprehensive central intelligence and analysis system that supports analyst teams throughout the intelligence lifecycle.

Flashpoint’s Vertex integration merges Flashpoint’s threat intelligence with Vertex’s data analytics platform so users can gain deeper insights into threats.

Supported Datasets: Communities, Chats, Marketplaces, Technical Indicators, Reports

Dataset Definitions:

Technical Indicators: Indicators of compromise (IoCs) and technical data across Flashpoint datasets and those included in Finished Intelligence Reports.
Reports: Finished Intelligence Reports produced by the Flashpoint Intelligence Team.
Communities: Flashpoint’s illicit community data.
Chats: Data from various chat services and messaging apps.
Marketplaces: Data from deep and dark web marketplaces.
Alerting: Email alerts that match a user’s area of concern such as leaked assets, organizational risks, or industry-related threats.
Vulnerabilities: All Flashpoint vulnerability data.
Compromised Credentials: Database of over 48 billion stolen and leaked credentials from open sources, illicit communities, marketplaces, and infostealer malware logs.
Card Fraud: Partial data of cards exposed within illicit card shops and threat actor communities.
