SnapAttack

The Polarity - SnapAttack integration enables analysts to search for Threat Vulnerabilities (CVE), and either tagged Threat Actors or tagged Mitre ATT&CK techniques giving users a quick overview of a threat actor and context around vulnerabilities. Enabling analysts to quickly triage vulnerabilities and threat actor groups.

Examples

Data Overview - CVE

• Summary Information: When searching for a CVE in SnapAttack analysts will quickly be able to tell the severity and what the CVE pertains to. For example in the screenshot analysts can quickly see this vulnerability has a high risk score and related to the vector network.
• Vulnerability Information: When drilling into the information for SnapAttack, analysts can quickly pivot to SnapAttack as well as be able to quickly see information about the vulnerability and when it was categorized/created.
• How to Manage the Vulnerability: Analysts will also be able to quickly tell how they can work with and manage the CVE based on the recommendations by the software the CVE pertains to.
• Additional information: Analysts will also be able to quickly see additional context around the CVE such as the CVSS score, aliases and more.

Data Overview - Threat Actors

• Summary Information: When an analyst looks up threat actors in SnapAttack, they can quickly tell the number of vulnerabilities that the threat actors are associated with as well as the number of industries they try to pursue.
• Threat Actor Details: When drilling into the details of the SnapAttack integration, analysts can quickly learn more about the Threat Actor, such as when they were observed to a detailed description.
• Additional Information: Analysts will also be able to get additional context around the threat actor. Such as what the vulns associated with them are, known aliases, motivations and more.