The core of Feedly for Threat Intelligence is an AI engine, called Leo, that automatically collects, analyzes, and prioritizes intelligence from thousands and thousands of sources in real time.
In this article, we’ll show you how to use Leo to:
- Monitor critical vulnerabilities and zero-days
- Research the behavior of specific threat actors and malware families
- Understand the threat landscape around your industry
- Track niche cybersecurity topics
Before we look at those four use cases, let’s start with a short overview of how Leo works.
Meet Leo, Feedly’s AI Engine
Leo reads hundreds of thousands of articles, reports, and social media posts every day and automatically tags key threat intelligence concepts: critical vulnerabilities, malware families, threat actors, indicators of compromise, ATT&CK techniques, companies, vendors, industries, and so on.
All this information is at your fingertips in near real time through a powerful and intuitive search and tracking interface called Leo Web Alerts.
Curious how it works? Let’s take a look at a Leo Web Alert designed to track critical vulnerabilities and zero-days related to Cisco Systems:
Creating a Leo Web Alert is a 3-step process:
- Use Leo Concepts to define the intelligence you want to collect. In our example, we use the ‘High Vulnerability’ and ‘Cisco Systems’ Leo Concepts to discover new critical vulnerabilities related to Cisco Systems.
- Use AND, OR, NOT operators to combine multiple Leo Concepts and refine your focus. In our example, we use AND to track articles and reports that reference both ‘High Vulnerability’ and ‘Cisco Systems’.
- If needed, refine sources with your own trusted sources. By default, Leo Web Alerts search across the Cybersecurity Bundle (a collection of 50,000+ security news sources, threat research blogs, newsletters, vendor advisories, government agencies, vulnerability databases, CISO magazines, and Reddit communities curated collectively by 200,000 cyber professionals using Feedly and partitioned by Leo into a few tiers based on reputation and authority).
Leo Web Alerts are feeds you can add to a team or personal folder. New articles, reports, or social media posts matching the specified Leo Concepts will appear in the Leo Web Alert feed.
The power of Leo Web Alerts is that ‘High Vulnerability’ and ‘Cisco Systems’ are not simple keyword matches. These Leo Concepts are machine learning models that encapsulate a broader understanding of each concept:
- ‘High Vulnerability’ is a Leo Concept that tracks vulnerabilities with a CVSS score higher than 8, or a CVSS score above 5 that has a known exploit. If the vulnerability does not have a CVSS score yet, a machine learning model is used to predict the CVSS score based on the description of the vulnerability.
- ‘Cisco Systems’ is a ‘Company’ Leo Concept that tracks mentions of Cisco by its name or any known aliases. When the company name is ambiguous, a disambiguation model is used to remove false positives.
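The ‘High Vulnerability’ rule and its AND combination with ‘Cisco Systems’, sketched as an added example for teams that want the same triage logic over their own feed data (this is not Feedly's code or API). The `Item` fields, the predicted-score field, the alias regex and the sample titles are constructed assumptions, and the whole-word match is only a crude stand-in for the disambiguation model.

```python
import re
from dataclasses import dataclass
from typing import Callable, List, Optional

@dataclass
class Item:
    title: str
    cvss: Optional[float] = None            # published CVSS score, if any
    predicted_cvss: Optional[float] = None  # hypothetical model prediction
    known_exploit: bool = False

def high_vulnerability(item: Item) -> bool:
    # CVSS > 8, or CVSS > 5 with a known exploit; fall back to the prediction.
    score = item.cvss if item.cvss is not None else item.predicted_cvss
    if score is None:
        return False
    return score > 8 or (score > 5 and item.known_exploit)

# Whole-word alias match (assumed alias list), so "Francisco" does not count.
CISCO_ALIASES = re.compile(r"\bcisco(\s+systems)?\b", re.IGNORECASE)

def cisco_systems(item: Item) -> bool:
    return CISCO_ALIASES.search(item.title) is not None

def naive_cisco_keyword(item: Item) -> bool:
    return "cisco" in item.title.lower()    # plain keyword match, for contrast

def AND(*concepts: Callable) -> Callable:
    return lambda item: all(c(item) for c in concepts)
def OR(*concepts: Callable) -> Callable:
    return lambda item: any(c(item) for c in concepts)
def NOT(concept: Callable) -> Callable:
    return lambda item: not concept(item)

def run_alert(alert: Callable, items: List[Item]) -> List[str]:
    return [i.title for i in items if alert(i)]

# Constructed sample feed items (not real advisories).
SAMPLE = [
    Item("Cisco router flaw exploited in the wild", cvss=6.5, known_exploit=True),
    Item("Cisco Systems patches critical firewall bug", cvss=9.1),
    Item("San Francisco agency hit through critical RCE", cvss=9.8),
    Item("Cisco advisory for low-severity issue", cvss=4.3, known_exploit=True),
    Item("New Cisco switch bug, score pending", predicted_cvss=8.4),
    Item("Cisco switch bug with no public exploit", cvss=6.0),
]

ALERT = AND(high_vulnerability, cisco_systems)
NAIVE_ALERT = AND(high_vulnerability, naive_cisco_keyword)
```

Running `run_alert(NAIVE_ALERT, SAMPLE)` next to `run_alert(ALERT, SAMPLE)` shows the false positive that a plain keyword match lets through.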
Without Leo Concepts, collecting intelligence would require the tedious effort of trying to come up with a long list of the right keywords, leaving room for blind spots and lots of irrelevant results.
Feedly for Threat Intelligence comes with a wide range of pre-trained Leo Concepts so that you can easily translate your intelligence needs into Leo Web Alerts.
Let’s see how we can combine these Leo Concepts to proactively track specific threats and stay one step ahead of your adversaries.
Research the behavior of specific threat actors and malware families
Tracking the behavior of threat actors and malware families can be tedious and overwhelming, taking up valuable time that could be spent hunting for malicious activity in your environment.
That’s why Feedly has created a set of Leo Concepts that automatically tag threat actors, malware families, TTPs, and IoCs.
Let’s take a look at a Leo Web Alert designed to track the latest IoCs and TTPs related to Lazarus Group across threat intelligence reports published on the web:
- ‘Lazarus Group’ is a ‘Threat Actor’ Leo Concept powered by Malpedia that tracks mentions of the threat actor by name or its various aliases.
- ‘Indicators of Compromise’ is a Leo Concept that tracks malicious URLs, IPs, email addresses, domains, and hashes.
- ‘Tactics & Techniques’ is a Leo Concept powered by the MITRE ATT&CK v10 framework that tracks tactics, techniques, and sub-techniques and their relationships.
- ‘Threat Intelligence Report’ is a Leo Concept that flags intel reports containing in-depth technical details about IoCs, TTPs, threat actors, and malware.
Here are some additional Leo Concepts you can use to broaden or narrow your threat profiling:
Understand the threat landscape around your industry
Staying up to date with the latest attacks against your industry can help you be better prepared when putting defenses in place, as well as help you learn which threat actors to look out for so you can be more targeted when collecting intelligence.
Let’s take a look at a Leo Web Alert designed to collect intelligence about cyber attacks in the finance industry:
- ‘Cyber Attacks’ is a Leo Concept that tracks instances of cyber attacks and tries to identify who or what the target of the attack is.
- ‘Finance Industry’ is an ‘Industry’ Leo Concept that classifies articles related to the finance industry based on company mentions and terminology.
You can also easily narrow your focus to a specific type of attack:
Monitor critical vulnerabilities and zero-days
Manually keeping ahead of new vulnerabilities and zero-days is a difficult task, but you can set up Leo Web Alerts to help you stay up to date on new vulnerabilities that appear across the radar of the global cybersecurity community.
Feedly aggregates vulnerability information from NVD and over 20 vendor advisory sites, as well as monitoring many sources to find exploits for each CVE, in near real time.
Let’s take a look at a Leo Web Alert designed to surface critical vulnerabilities and zero-days related to a vendor deployed in your environment:
When you discover a new CVE, you can use the CVE intelligence card to get a 360-degree view of that vulnerability and decide whether you need to create a ticket for your response team.
Track niche cybersecurity topics
You can also use Leo Web Alerts to track niche cybersecurity topics.
Let’s take a look at a Leo Web Alert designed to collect intelligence about malicious, compromised, or hijacked packages:
Here are some additional Leo Concepts you can use to track niche cybersecurity topics:
Getting smarter every day
The world’s leading cybersecurity teams use Feedly for their OSINT, so the product continuously improves based on their feedback.
Below is a roadmap of some of the new Leo Concepts we are researching:
Feedly for Threat Intelligence customers can reach out to us at [email protected] to give feedback on improving existing Leo Concepts or creating new ones to ensure that Feedly is working at full capacity to serve your threat intelligence needs.
Try Feedly for Threat Intelligence
All of these features, plus many more, are available as part of Feedly for Threat Intelligence. To learn more about any of these features, or start a free 30-day trial, click the link below.
TRY FEEDLY FOR THREAT INTELLIGENCE