THREAT INTELLIGENCE
The Problem
Cyber attackers are often better trained and better resourced, and the element of surprise gives them a distinct advantage over many security organizations.
Cyber attacks are increasingly complex, and the resulting damage is more severe and costly for the victim.
To make matters even worse, finding and retaining a qualified security professional is tough enough, but finding the numbers needed to fully meet these challenges would be cost prohibitive.
Threat intelligence that grows with you
How can I automate remediation?
Building an intelligence-led security program
How do I improve effectiveness of my security controls?
Focused on maximizing operational value
Just getting started with threat intelligence
What about my peers?
How do I gain Dark Web peace of mind?
Can I reduce alert noise using data feeds?
What vulnerabilities are most pressing?
And...
How can I improve the detection capabilities and obtain severity ratings?
How do I prioritize vulnerabilities within my environment?
How can I gain contextual information on threats?
Should I be concerned about threats in the media?
Which program investments will yield the best ROI?
What should I hunt for?
How can I accelerate incident response?
No matter where you are in your security program, or what your threat intelligence needs are, the FireEye Mandiant Threat Intelligence portfolio has the solution for you. If you are just starting out, we can help you assess where you are and work with you to figure out where you need to go.
Why FireEye Mandiant Threat Intelligence?
Scope of portfolio: Build or supplement your intelligence maturity with access to a wide range of intelligence services, including subscriptions, consulting, monitoring and support.
Depth of coverage: Includes in-depth cyber crime, cyber espionage, cyber physical, malware, vulnerability and industry-specific analysis and reporting.
Breadth of sources: Combines industry-leading adversary, victim, underground and technical information derived from FireEye’s entire security ecosystem.
USE CASES
01
INTELLIGENCE SUBSCRIPTIONS
Security organizations are looking for ways to increase their own security expertise and effectiveness. They need to improve their response capabilities and ensure their defenses are aligned against the most likely threats, all without breaking the bank. FireEye Mandiant Threat Intelligence Subscriptions meets these challenges cost-effectively, with a wide range of actionable, effective security insights at the strategic, operational and tactical levels.
02
INTELLIGENCE ENABLEMENT
Optimize your intelligence investment and ensure your success with assigned threat intelligence analysts and managers. Designated Threat Intelligence analysts and managers regularly work with you as trusted advisors to ensure you get the most from your intelligence investment. Topics include onboarding and provisioning, API integration with your security systems, analyst access, custom threat reporting and strategic workshops.
03
INTELLIGENCE CAPABILITY DEVELOPMENT
Intelligence consulting services and assessments help organizations realize and sustain the value they get from cyber threat intelligence, and assess, build and mature an intelligence-led security program. ICD services include assessing existing threat intelligence program capabilities and threat exposure, creating strategic plans for program improvements and developing an operations framework for your threat intelligence program.
04
DIGITAL THREAT MONITORING
FireEye Mandiant Digital Threat Monitoring™ reduces risk by providing early visibility into the threats your exposed assets face. It delivers this service through a unique combination of advanced technology and the world’s leading threat intelligence. The service enables you to proactively combat risks such as leaked credentials, public exposure, threats to assets and other potential monetary or credibility losses.
05
ADVANCED INTELLIGENCE ACCESS
The FireEye Mandiant Advanced Intelligence Access service gives you immediate access to raw FireEye threat data, analysis tools and finished intelligence, to help you quickly create threat intelligence tailored to your specific threat profile and security objectives.
FireEye Mandiant Threat Intelligence is a portfolio of subscriptions and services designed to address all aspects of your threat intelligence needs. Whether you’re just starting your threat intelligence journey or have a dedicated intelligence team, this solution provides the insights that improve the protection of assets, enhance the effectiveness of security programs and inform the business risk process.
Different Packages
ENTERPRISE: Comprehensive set of intelligence capabilities designed for full spectrum proactive security operations.
STANDARD: Baseline set of intelligence capabilities designed to create foundational defenses and protections.
ADVANCED: Set of premium intelligence capabilities designed for organizations focused on maximizing operational value.
PACKAGE FEATURES
Threat Intelligence
Analyst Access Requests
Enablement Services
IOCs
API Enabled
Intel Browser Plugin
Intelligence for Executives
Intel Quarterly Briefing
Analysis Tools
News Analysis
Intel Suite: Advanced
Intel Suite: Standard
Intel Suite: Enterprise
4 per year / 1 per quarter
INTEL PORTAL
THREAT INTELLIGENCE SUITE OVERVIEW
To help organizations of all types and sizes meet and ultimately grow their intelligence capabilities, FireEye offers the Mandiant Threat Intelligence Suite, a collection of curated Threat Intelligence services and subscriptions designed to meet the most common threat intelligence needs and resources. Fueled by global detection technologies, 15+ years of incident response, and adversarial insights from the largest intelligence company in the world, FireEye Mandiant Intelligence Suite augments client security missions, enabling critical tasks while giving customers a decision advantage – all made accessible in three incremental tiers of bundled offerings.
Digital Threat Monitoring
N/A
All Indicators
Onboarding
8 per year / 2 per quarter
16 per year / 4 per quarter
Enterprise. 20 Investigations per Quarter. API Included.
Advanced. 10 Investigations per Quarter. API Included.
Standard. API Included.
Fusion Intelligence, Cyber Espionage Intelligence, Cyber Crime Intelligence, Cyber Physical Intelligence, Operational Intelligence, Strategic Intelligence, Vulnerability Intelligence
Operational Intelligence, Vulnerability Intelligence
Weekly Vulnerability Exploitation Reports Industry Intelligence Quarterly Reports
Digital Threat Monitoring - Standard Vulnerability and Exploitation Subscription All IOC Indicators Analysis Tools Daily News Analysis
Digital Threat Monitoring - Advanced Operational Subscription All IOC Indicators Intelligence for Executives Analysis Tools Daily News Analysis
Digital Threat Monitoring - Enterprise Fusion Subscription All IOC Indicators Intelligence for Executives Analysis Tools Daily News Analysis
FIREEYE INTELLIGENCE PORTAL
The FireEye Intelligence Portal (FIP) delivers comprehensive intelligence reporting across all categories of threats. Our visibility encompasses an extended cyber-attack life cycle with an unmatched view across adversary and victim networks worldwide. Subscribers can also gain access to Analysis Tools for querying suspect IPs and domains and for submitting malware for static and dynamic analysis on demand.
Featured Intelligence
LATEST Intelligence
Organization of Intelligence
Explore our FireEye Finished Intelligence report types by Intel Product category.
Research malware overviews and full technical deep dives.
Industry-specific reporting may assist when putting together strategic analysis reports or performing threat assessments.
Region-specific threat intelligence including Country profiles.
Filter by motivational areas such as Cyber Crime, Cyber Espionage, Hacktivism and Vulnerability & Exploitation.
Research adversaries, their motivations, and Tactics, Techniques, and Procedures (TTPs).
Support takes you to available documentation and FAQs, and allows Analyst Access request submission for subscribed customers.
Tools takes you to our Analysis Tools page, allowing customers to analyze suspicious Domains, IPs, and Files.
News Analysis takes you to our News Analysis landing page.
The Intelligence Menu provides the same access to the categories listed in the center navigational bar via a drop-down menu.
The Web Interface provides the following menu tabs.
PORTAL MENU OPTIONS
Opening Reports
To open a report, hover over it in grid view or select its title in list view.
From within individual reports, customers with access to Analyst Access are able to submit a request directly from the related report.
Reports can be downloaded in PDF format. Please note that the PDF will include any technical indicators included with the report.
For reports with technical indicators, common download formats are available.
Alerts option appears for Digital Threat Monitoring customers. Manage keywords, alerts, investigations and much more.
ANALYST ACCESS
REPORT DOWNLOAD
Download indicators
Search for Threat Actors
ADVANCED PERSISTENT THREAT GROUPS
We track over 39 APT groups that we firmly associate with nation-state activity.
TEMP GROUPS
We track over 60 other cyber espionage actors under the term "Temp" to designate that we have some knowledge of the activity, but do not fully.
Financially Motivated Groups
We track over 10 FIN groups that are highly advanced cyber criminals that act similarly to nation states.
Identified Clusters of Activity
We track 600+ other clusters of identified threat activity that we cannot decisively attribute to a known Temp or APT group. We profile this clustered activity in our products without referencing a specific name.
Actor intelligence
The FireEye Intelligence Portal features finished intelligence reports covering numerous facets. For now we'll focus on Actors. FireEye Mandiant Threat Intelligence tracks hundreds of threat groups. We designate our confidence in the links between these groups depending on whether the group is tracked as an advanced persistent threat group, temporary (temp) group, financially motivated group, or other cluster of identified threat activity.
Alerts take you to the Digital Threat Monitoring page.
News Analysis reports deliver subscribers daily FireEye Mandiant Threat Intelligence assessments on the top cyber security news stories. Actionable threat intelligence delivered through FIP draws on FireEye’s proprietary knowledge to equip security teams with the information required to respond to and defend against cyber threats.
These daily reports, correlated with FireEye Mandiant Threat Intelligence reporting, go beyond the headlines to deliver you a true, detailed understanding of the security landscape.
Filter by the rating FireEye assigns to media coverage: On Target, Plausible, Off Target, or Judgement Withheld.
Filter by Rating
Tools
Analysis tools, including the Analyze Domains/IPs and Analyze Malware tools, allow you to submit indicators and determine what FireEye knows about that indicator. Results might include observed behaviors, associated malware families, and threat group attribution associated with a given indicator.
Upload suspect files for analysis and receive an analysis report, dynamically generated indicators, and the packet capture (pcap) from your session. Files cannot be larger than 60 MB.
Analysis results from all of your organization's submissions are listed and searchable here.
The Analyze Domains and IPs tool provides contextual information about fully qualified domain names, IP addresses, and associated threats.
ANALYZE FILES
ANALYSIS RESULTS
ANALYZE DOMAINS
Alerts
Digital Threat Monitoring (DTM) customers will have access to the Alerts Dashboard, providing visibility into real-time intelligence alerting and investigation results. We're going to highlight some key features of the dashboard.
The Digital Threat Monitoring dashboard features Threat Alerts generated by unique customer keywords and queries, enabling evaluation of relevant and actionable results. The dashboard provides filterable categories allowing for rapid triage to aid decision making. Selecting an individual alert will open its results page, providing more details.
Digital Threat Monitoring Dashboard
Digital Threat Monitoring Alerts Can Be Organized with These Filters
Actions: Menu of actions available to manage one or more received alerts
Timestamp: Date and Time the alert was initially generated
Comment or ask questions on an alert for interaction with FireEye analysts
Title: Headline description for each alert generated algorithmically
Alert Type: Identifies the type of source content from which this alert was generated
Status: Informs status of alert (New, Closed, Under Investigation, Investigated)
Stars: Enables users to save/filter alerts of significant interest
Multi-select: Enables users to select one or more alerts to perform an action
Provides overview data about an individual alert’s disposition, source, timestamp, relevance and severity
Displays overview data related to the Threat Alert source.
Displays which specific customer keywords queued the Threat Alert.
Presents captured source details driving the Threat Alert and allows customers to view where exactly the keywords triggering the Threat Alert reside.
Threat Alert & Investigation
THREAT ALERT SUMMARY
SOURCE DETAIL
KEYWORDS
SOURCE CONTENT
Severity: Danger rating identifying whether an alert is Critical, High, Medium, or Low
ID: Unique ID of the Alert