Analyst1

The Polarity - Analyst1 integration allows Polarity to get quick identification of Indicators and CVEs associated to Actors, Malware, and MITRE ATT&CK from the Analyst1 platform. Analyst1 maintains a comprehensive threat intelligence archive from free, paid, and internal sources powered by NLP automation and analyst curation. Analyst1 provides total data provenance in control by the customer, greatly increasing the simplicity of access and depth of data available for Polarity’s augmented views to end users.

Examples

Analyst1 Data Overview

• Summary Tags: When an analyst runs a search in the Polarity - Analyst1 integration, they will quickly be able to tell if the indicator is active in their environment, number of associated reports and any actors that might be associated with the indicator.
• Indicator Details: When drilling into the details in the Analyst1 integration, analysts will be able to quickly get more context on the indicator that was looked up. Information such as times it was seen/reported, TLP to the confidence.
• Description: Analysts can also get a description of the indicator that Analyst1 provides. Allowing them to have the full picture on the indicator.
• Additional Context: While also looking at the details of the integration analysts can also view information on the actors associated with the indicator, any AKAs associated and what indiustries are being targeted.
• Attack Patterns and Malware: Analysts can also see any attack patterns and malware that has been associated with the indicator.

Evidence Submission

Not only do analysts get the full picture of an indicator when running a search in Polarity, they are also able to take actions by submitting evidence. Evidence in Analyst1 is any associated information that is seen or noticed by an analyst. So here the analyst can take any additional context noticed from other Polarity integrations or elsewhere and add it back into Analyst1 to further enrich it.