Threat Investigations
Feature availability by CTIX product edition:

| CTIX Enterprise | CTIX Lite | CTIX Spoke |
|---|---|---|
| Yes | No | No |
The threat investigations feature helps you investigate security incidents with improved insights. It facilitates threat analysis by correlating the context gathered from complex threat intelligence data.
You can automatically analyze threat data objects using an interactive relational visualization on a canvas, in addition to viewing them in tabular form. You can derive and build threat data context from complex threat intelligence, which helps you understand the potential impact on your organization, proactively mitigate threats, and build a resilient posture.
Note
The user must have Threat Investigations permissions to add, update, or view the canvas in this module. Read-only users do not have permission to perform create and update actions on the Threat Investigations module.
Key features:
Perform real-time analysis on threat data and plot the enriched data on a canvas.
Enrich threat data using third-party tools directly from nodes to determine whether they are associated with known security threats.
Enrich threat data using third-party tools directly from nodes to gather additional insights about observable or threat objects.
Automatically ingest tactical threat intel from security tools deployed within your organization’s network.
Create relationships between nodes to see the context of a threat.
Manually add nodes to your canvas and perform all actions that the CTIX platform allows you to perform on threat data objects.
Import threat data objects from a CSV file and plot them in your canvas for analysis.