intrigue.io

Intrigue.io is a cybersecurity platform designed to provide proactive attack surface management and threat intelligence. It caters to small to large enterprises across various industries, including financial services and technology companies. According to the vendor, the product is utilized by cybersecurity professionals, IT professionals, risk and compliance professionals, security operations centers (SOCs), and other professionals involved in safeguarding organizational security.

Key Features

Threat Intelligence: According to the vendor, users can gain expert insights and context by searching for threat indicators such as IP, URL, domain, and file hash. They can obtain indicator confidence scores, timing, and actor context. The platform allows users to navigate between actors, malware, tactics, and vulnerability reports for a comprehensive view of ongoing threat activity. Additionally, users can receive daily news analysis with insights from Mandiant specialists to determine trusted news sources.

To-the-Minute Intelligence with Analysis: The vendor claims that users can access Mandiant's unique data intelligence gathering, research, curation, and dissemination capabilities to obtain threat actor information ahead of other vendors. The platform is said to graduate threat actors based on activity clusters and provide transparency through ancestry timeline views and graph views.

Integrated Intelligence: According to the vendor, users can embed and overlay the most recent threat insights into any web page or security analytics tool using Mandiant's browser plug-in or API. This feature aims to reduce the need to pivot between multiple tools by allowing users to view news analysis, indicator scoring, and threat context directly on the page.

Threat Campaigns: The vendor claims that users can gain visibility into active threat campaigns affecting their industries, regions, and peers. This feature is said to help users anticipate, identify, and respond to threats with more confidence.

Breach Analytics for Chronicle: According to the vendor, the platform enables users to continuously monitor current and historical security events. It allows them to identify and prioritize matches with the latest indicators of compromise (IOCs) through advanced analytics. The vendor states that this feature provides higher confidence in knowing about potential breaches as they happen, leveraging early knowledge of IOCs from Mandiant to detect breaches in real-time.

Mandiant Intel Grid: The vendor asserts that the platform includes insights from 200K+ hours of responding to attacks per year. It tracks 3K+ threat actors at any time and aims to empower teams to find incidents faster and reduce dwell time. The platform is designed to integrate these insights into security operations.

Reveal undiscovered and emerging security events and risks: According to the vendor, the platform continuously investigates historical security events and compares them with Mandiant's latest unpublished threat intelligence. This feature aims to provide insights from incident responders and analysts worldwide, helping users reveal undiscovered and emerging security events and risks.

Digital Threat Monitoring: The vendor claims that the platform provides visibility into the open, deep, and dark web. It monitors underground marketplaces, paste sites, blogs, social media, forums, and malware repositories. Using machine learning, the platform aims to extract actionable information from threat intelligence, helping users anticipate attacks and detect unknown data and credential leaks.