SlashNext

This integration enables quick operationalization of SlashNext phishing threat intel feed to protect employees from zero-hour phishing threats. SlashNext phishing and C2 feeds inform threat hunting, enabling ThreatConnect users to identify more threats in network logs.

This app is developed and maintained by SlashNext. This app is available for download on this Marketplace.

SlashNext Phishing Incident Response Playbook app enables ThreatConnect SOAR users to fully automate analysis of suspicious URLs. For example, IR teams responsible for abuse inbox management can extract links or domains out of suspicious emails and automatically analyze them with the SlashNext SEER™ threat detection cloud to get definitive, binary verdicts (malicious or benign) along with IOCs, screenshots, and more. Automating URL analysis can save IR teams hundreds of hours versus manually triaging these emails or checking URLs and domains against less accurate phishing databases and domain reputation services.

SlashNext threat detection uses browsers in a purpose-built cloud to dynamically inspect page contents and site behavior in real-time. This method enables SlashNext to follow URL re-directs and multi-stage attacks to more thoroughly analyze the final page(s) and make a much more accurate, binary determination with near-zero false positives. It also detects all six major categories of phishing and social engineering sites. These include credential stealing, rogue software / malware sites, scare-ware, phishing exploits (sites hosting weaponized documents, etc.), and social engineering scams (fake deals, giveaways, etc.).

SlashNext not only provides accurate, binary verdicts (rather than threat scores), it provides IoC metadata and screen-shots of detected phishing pages. These enable easier classification and reporting. Screen-shots can be used as an aid in on-going employee phishing awareness training and testing.

This app is developed and maintained by SlashNext. This app is available for download on this Marketplace.

The Polarity - SlashNext integration enables analysts to quickly search SlashNext's intelligence data for indicators to see if they are malicious and how they relate to email intelligence. Allowing analysts to quickly have an understanding of an indicator that is being associated with their users' emails.

Examples

SlashNext Data Overview

• Summary Tags: When searching for indicators in Slashnext, analysts can quickly see if an indicator is considered malicious, if it is currently active and what type of activity is associated with the indicator.
• Reputation Summary: When clicking into the details of the Slashnext integration analysts can see information on the indicator threat. From the verdict, to when it was seen to the threat type.
• Report Details: While looking at the details of Slashnext analysts can also see the reports that were generated to help determine the reputation information.