Intezer

The Polarity - Intezer integration enables analysts to quickly search Intezer's vast autonomous SOC platform. Allowing analysts to have quick insights into all associated information on Hashes, and even provides the ability for analysts to quickly upload a hash file to have Intezer process it. All leading to analysts having the ability to quickly process the context from Intezer.

Examples

Data Overview - Genetic Analysis

When looking up a hash in Intezer analysts will be able to immediately see if it is malicious or not and then be presented with Intezers genetic analysis. Which is the high level context like file types, state, agent information and more.

Data Overview TTPs

When looking at the details TTPs tab, analysts will be able to quickly see the associated MITRE ATT&CK categories and techniques that Intzer has associated with the hash.

Data Overview - IOCs

When looking at the details IOCs tab, analysts will be able to quickly see any other associated IOCS with the hash. Allowing them to then pivot within Polarity and look up those associated IOCs.

Data Overview - Behavior

When looking at the details Behavior tab analysts can see the behavior and actions that the file is taking. Allowing them to quickly reverse out what the behavior of the file is, reducing time to resolve and determine impact on their business.

Data Overview - Detect and Hunt for Threats

When looking at the details Detect and Hunt tab allows analysts to quickly see how Intezer classifies the file in a hunt capacity. Allowing threat hunters to see all of the artifacts and how to develop rules associated with the file.

Data Overview - Scan Hash

If a file hash has not been found by Intezer, analysts can quickly just hit the Scan Hash button and allow for Intezer to scan that hash and provide insights around it.