SANS ISC
The SANS Internet Storm Center (ISC) is a program of the SANS Technology Institute that monitors and analyzes malicious internet activity, providing real-time insights into cyber threats and vulnerabilities. Established in 2001, the ISC utilizes a global network of sensors to collect data, enabling it to issue alerts and facilitate cooperation among cybersecurity professionals to enhance defenses against cyberattacks.
Integrations
SANS ISC with Polarity
- Data Enrichment
- Incident Response and Ticketing
- Risk Management
- Security Operations
- Threat Intelligence
The Polarity - Internet Storm Center integration provides a free unique look at different IP addresses, enabling analysts to quickly understand how an IP address might have behaved in the past. Leading to unique insights when deriving context about an IP address.
Examples
Internet Storm Center Data Overview
- Summary Tags: When looking up an IP in ISC analysts will quickly see the number of associated threat feeds that IP has been seen on.
- IP Risk Overview: When drilling into the details of the IP address, analysts can quickly understand the high level context of the IP. Quickly learning about the Max Risk associated, number of distinct packets associated (attacks) and total number of packets blocked by the IP.
- ASN Details: While also looking at the details, analysts can quickly get an overview of the ASN information associated with the IP.
- SSH Details: While in the details view analysts can also get an overview of different ssh attempts noticed with the IP if any are associated.
- Threat Feeds: Finally analysts can quickly get an understanding of where ISC gathered the information from different feeds on.
Related Resources
Built By Polarity