CyberTotal is a cloud-based threat intelligence service developed by CyCraft, which cohesively integrates multiple and varied CTI sources, open-source intel, and proprietary threat intel to provide best-in-class threat intelligence. CyCraft’s Cyber Intel team has long tracked the most sophisticated forms of intrusion and provides historical and up-to-date information on APT groups.
CyberTotal helps companies quickly identify and triage threats and verify security alerts through automated correlation analysis and knowledge base optimization. This integration enables large volumes of received artifacts to be enriched rapidly and concisely with contextual threat information, improving the efficiency and accuracy of your security operations. Indicators are prioritized so that security experts can quickly focus on the most important and urgent alerts, thereby saving human capital and increasing productivity.
The two main use cases supported by the CyberTotal integration are:
Use Case 1: Alert Validation
On average, security teams review several thousand alerts each day. By employing the CyberTotal platform, intelligence can be more accurately analyzed and prioritized. Enriching the indicators produces contextual threat information such as reputation, severity, confidence, threat score, OSINT, WHOIS, passive DNS, component analysis, vulnerability evaluation, and more. With the additional reputation and storyline data describing the indicator, security experts can quickly eliminate false alarms and decide whether further investigation is needed. Users can also click the CyberTotal URL link to view the indicator’s full report.
Use Case 2: Threat Hunting
CyberTotal automatically aggregates multiple cyber threat intelligence sources from around the world. This enriched threat intelligence data includes severity levels, confidence levels, and threat scores with grading, correlation, and aggregation scores, enabling security personnel to classify and handle each alert more accurately. If enterprise firewall or proxy logs are collected in ArcSight, CyberTotal can help inspect each target IP, domain, and URL and pinpoint the high-risk artifacts. Correlation reports, such as high-risk endpoints and indicators, can be highlighted in either the dashboard or daily/weekly statistical reports to speed up the SecOps workflow.
ArcSight ESM 7.0.0.2436.1 or higher
ArcSight SmartConnector 7.14 installed on CentOS version 7 Linux server
Network access to CyberTotal (https://cybertotal.cycraft.com).