SURFACE RELEVANT INSIGHTS FASTER TO OPERATIONALIZE THREAT INTELLIGENCE
Automated Threat Intelligence Research and Analysis
Unstructured threat intelligence is a vital resource for analysts and executives, but searching through page after page of documents for relevant information can be arduous and time-consuming—especially when reports of a new cyberattack or data breach increase the urgency.
Anomali Lens is a powerful Natural Language Processing engine that helps operationalize threat intelligence by automatically scanning digital content (PDF, HTML, Office 365 (Word, Excel, Outlook)) to identify relevant threats and streamline the lifecycle of researching and reporting on them.
Available as a browser extension or Office 365 plugin, Lens automatically highlights relevant threat information in news articles, threat bulletins, social media, research papers, blogs, coding repositories, and internal content sources. Analysts are then able to quickly inform executives, as well as operationalize intelligence with multiple teams across an organization, to reduce risk.
For security analysts: Quickly capture the full significance and context of a threat, then provide an executive summary with a clear analysis and risk assessment for the organization.
For executives: Gain immediate context into emerging threats with one‐click visibility into the presence or absence of the threat in the organization’s own historic security event logs.
Key Use Cases
INGEST UPDATED DATA ON IOCS
Scan phishing emails, malicious email addresses, URLs, and hashes from a source portal or website, then export the data into ThreatStream automatically.
OPERATIONALIZE MITRE ATT&CK
Associate scanned and imported techniques with MITRE ATT&CK IDs, then export to an Anomali ThreatStream Investigation at the click of a button.
DETERMINE IMPACT QUICKLY
Automatically determine whether a scanned threat indicator or TTP has been seen in your environment.
INFORM YOUR ORGANIZATION
Create professional-quality reports to inform threat detection, response, and remediation efforts as well as management.
Unstructured data natural language processing analysis supporting multiple (PDF, HTML) form factors
Identify threat intelligence in unstructured data in seconds by scanning a web page or PDF report.
MITRE ATT&CK TTP recognition to identify and associate key phrases with known actors
Customizable dashboards for identified news on trending malware, CVEs, actors or MITRE attack patterns
At‐a‐glance threat identification and translation of unstructured attack description into MITRE ATT&CK techniques
Automatic IoC import into TS Threat Bulletins, Investigations, and Sandbox detonation
One‐click investigation launch in ThreatStream for deeper threat research, analysis, and finished intelligence
Automate threat research and reporting by automatically converting scanned threat data into structured, machine-readable threat intelligence.
One‐click export of scanned threat data, IOCs, and MITRE ATT&CK TTPs into ThreatStream or Match
Automated report creation to export investigations as a Finished Intel report (FINTEL), including the related MITRE ATT&CK matrix
Visualization of threat intelligence in automatically created ThreatStream MITRE ATT&CK heatmaps
Quickly research and prioritize alerts with advanced threat analytics and a powerful investigation workbench.
email@example.com | www.anomali.com
808 Winslow St, Redwood City, CA 94063 USA 1-844-4-THREATS
Copyright © 2022 Anomali
Automatically scans digital (PDF, HTML, Office 365) content to identify relevant threats and jumpstart investigations.
Threat Entity Scanning and Identification
Threat Entity Status and Relevance
Import and Analysis
Usage and Deployment
Lens Feature Comparison
Scan web pages to identify threat entities
Scan web product consoles and reports to identify threat entities
Scan Microsoft Office 365 Documents (Outlook, Word, Excel)
Scan PDF documents to identify threat entities
Auto-scan pages to identify threat entities
Highlight threat entities within scanned documents
QuickLook tooltip for in-page highlighted threat entities
Identify threat entities as Active, Inactive, or Unknown
Identify threat entities correlated from Anomali Match
One-click pivot into ThreatStream to view threat entity details
One-click pivot into Anomali Match to view correlated intelligence
MITRE ATT&CK® TTP highlighting
Import threat entities into ThreatStream
Automatically create Threat Bulletins in
Automatically create/add to Investigations in ThreatStream
Search for a threat entity in Threat Bulletins in ThreatStream
Detonate URLs in ThreatStream Sandbox
Report false positives
DEPLOYMENT FORM FACTOR:
Browser extension from plugin stores (Chrome, Firefox, Edge)
IT-deployed plugin (Chrome, Firefox, Edge) Microsoft Office 365 plugin
Anomali Platform UI (where plugins are prohibited) Microsoft Office 365 plugin
Identify threat intelligence in unstructured data in seconds to quickly confirm if you’re being attacked
Available in multiple form factors, including browser (Chrome, Firefox, Edge) or Office 365 (Outlook, Word, Excel) plugin
Eliminate time-consuming manual processes to lessen the time required to research and correlate tactical indicators
Improve detection capabilities and response efforts by prioritizing alerts based on sightings, severity, and risk
Automate manual processes to increase analyst productivity
Enable quick communication to management and cross-functional collaboration