Anomali

Polarity's STAXX integration gives users access to automated MD5, SHA1, SHA256, IPv4, IPv6 and Domain lookups within Anomali's STAXX platform. Enabling analysts to quickly search their STAXX instance.

Anomali STAXX gives you a free, easy way to subscribe to any STIX / TAXII feed. Simply download the STAXX client, configure your data sources, and STAXX will handle the rest.

The Polarity - ThreatStream integration enables analysts to get the most of their ThreatStream intelligence platform. Providing analysts a quick way to view and enrich the indicators from their ThreatStream TIP. When searching indicators in ThreatStream, analysts will be able to understand what the indicator is and how it affects their environment.

Examples

ThreatStream Data Overview

• Summary Tags: When running a search in ThreatStream, analysts will immediately know what the context of the indicator is, how sever it is and where the indicator information came from.
• Comments: View any comments or leave a comment about the indicator.
• Indicator Information: When clicking into the details, analysts can quickly get the full picture of the indicator. Understanding its severity in more details, its TLP, associated dates and threat type.
• Tags: Analysts can also see and manage tags from the details. Enabling them to add and enrich the platform based on what they are seeing with other information.

The ThreatStream IOC Submission is an integration that enables analysts to have a quick understanding of what is in their TIP and enable them to add and enrich information in bulk in their TIP. Allowing analysts to quickly add in information to help ensure their TIP is always up to date

Examples

ThreatStream IOC Submission Data Overview

• Already in ThreatStream: After running the on-demand search and drilling into the details, analysts can quickly see all of the indicators that are currently in ThreatStream. They can also add then into the to be submitted section to enrich the information in ThreatStream even more.
• Not in ThreatStream and to be added: In the not in ThreatStream section, analysts can see all of the indicators that are not currently in their TIP and add them to the "To be Submitted" section. Allowing analysts to enrich the information in ThreatStream.
• Submission Options: After selecting the indicators to add or enrich, the analysts have options to add to the indicators. They can submit the indicators as public or anonymous (following companies submission policies), can manually set the confidence or let ThreatStream determine. Analysts can also set the severity, TLP and threat type if they have the information. Tags are also an option to be added.

The integration allows for analysts to make multiple submissions of information. Allowing the analysts to submit indicators with different enrichment options.