Threat Patrols platform
The Threat Patrols API provides the core Threat Patrols platform functionality. Customers can work with the API directly, or have the Threat Patrols team operate the platform for you as a managed cyber threat landscape service.
Threat Discovery
Threat Patrols, Threat Discovery enables users to perform regularly scheduled threat discovery patrols aimed at asset-types such as network-addresses, domain-names, phone-numbers and email-addresses.
Both passive and active threat-discovery tasks are available using Threat Patrols vetted data-sources and well-known threat-engine scanners.
Our passive threat-datasources include both open clear-web and dark-web datasources that are known for listing and describing various in-the-run cyber threats. We work hard to discover, examine and create data-collection tools to ingest new clear-and-dark datasources that are then available to be regularly queried through the Threat Patrols platform.
Our active threat-engines include a wide range of well known threat-engines such as, Amass, Nmap, OpenVAS and many (~20x) others. Threat Patrols manages all threat-engines to ensure they are well-running, up-to-date and current.
Results and result-deltas are available serialized via the API making it possible to integrate with other systems such as customer event-logging (eg SIEM) systems.
Alerts on threat-landscape change can be targeted to email-addresses, customer ticketing-systems or chat-messaging platforms.
Threat Watch
Many organizations have known cyber-threats outside their immediate control or influence that require tracking as a matter of good cyber-risk practice, Threat Watch provides this capability.
Threat Watch provides users with independent forensic data capture of tracked items for later reference. Data collected by Threat Watch is signed by Threat Patrols allowing it to be validated by third parties for content and timestamp.
Threat Watch operates from Threat Patrols infrastructure creating effective separation between users and the assets under threat-watch.
Threat Watch is an effective tool to watch, track and validate the status of:
- Known phishing sites
- Known domain-name and typo-domain squatters
- Vendors and suppliers with fragile cybersecurity
- Validation of threat takedowns
- Validation of vulnerability removal and patch application
Alerts on threat-landscape change can be targeted to email-addresses, customer ticketing-systems or chat-messaging platforms.
Threat Processing
Threat Patrols, Threat Processing is a managed service to handle and process threat-cases for customers that lack capacity to handle internally.
Customers supply threat-case observation data (eg phishing emails, threat websites, screenshots) to Threat Patrols by encrypted-email, web-portal or API.
Threat-cases are human reviewed by our threat-analysts and tracked as a ticketed case with the customer.
Threat Patrols may perform the following threat-case duties depending on the case itself
- Extract observables from reported artifacts and associate with previously observed cases
- Lookup and compare threat-case observables with Threat Patrols threat datasources
- Attach Threat Patrols, Threat Watch monitors to observables
- Handle threat takedown processing with hosting-providers, domain-providers and threat-exchanges
- Report threat-case observables to appropriate authorities and agencies (when customer requested)
- Supply end-user with instruction regarding appropriate actions to take regarding threat-case
- Track and internally report threat-cases until verified as closed
Our Threat Processing service provides your staff with actionable procedures to follow when threat-cases occur, thus limiting the recurrence of threat-actor abuse against your organisation.