Bayse Intelligence

The integration of Bayse Intelligence’s Early Alert phishing threat intel feed enables analysts to gain the necessary insights and high-fidelity threat intelligence to support phishing analysis and triage, detect and block phishing attacks and campaigns, and detect brand abuse all from within the ThreatConnect TI Ops Platform. Bayse’s unique approach to profiling threat actor campaigns, attribution through their Site Fingerprints technology, and rich context allow analysts to analyze and respond to phishing and brand attacks against their organizations and supply chain more efficiently. 

Bayse Intelligence will automatically aggregate individual indicators under a Campaign Group type in the ThreatConnect Platform based on a unique Site Fingerprint identifier.  When Bayse Intelligence tracks a campaign, additional human-created intelligence is added to the Campaign Group. When Bayse Intelligence is not officially tracking a campaign, the name will begin with Unknown Campaign followed by the structural_id Site Fingerprint value. Automatically generated information (such as screenshots, duration of campaign, companies or industry sectors impacted, etc...) will be included in these Groups.

Individual indicators will all be of ThreatConnect’s URL type. This allows us to share the full link (for deeper investigation) and also to identify when legitimate services are being abused. These indicators are classified into three distinct groups: Submitted Link, Phishing Portal, and Credential Collection.

Bayse Intelligence’s Early Alert threat feed can be easily integrated into the ThreatConnect TI Ops Platform via the Bayse Intelligence Early Alert Job App.