
Dec 19, 2023
1.0.1
ThreatQ versions >= 4.25.0
Blueliv CTI Intelligence
Overview
The Blueliv Intelligence integration for ThreatQ allows a user to ingest Blueliv's cyber threat intelligence from its v1 API.
Supported CTI feeds:
- Bot IPs
- Crimeservers
- Attacking IPs
- Malware
Blueliv provides automated, real-time threat intelligence data, ultimately streamlining the delivery of valuable data into ThreatQ for analysis and correlation with network events.
Pairing Blueliv’s confidence level with ThreatQ’s Scoring System helps analysts reduce the noise and identify relevant events more quickly.
- Blueliv’s attack feed provides targeted information, making it easier to find, mitigate and contain the attack.
- Importing IP and FQDN indicators associated with botnets and crime servers
- Ingesting hashes and attributes indicating the type, family, architecture and confidence of the malware
- Creating relationships between related IPs, hashes and FQDNs
About Blueliv
Blueliv is a leading provider of targeted cyber threat information and analysis intelligence for large enterprises, service providers and security vendors. Its cyber threat platform and feed address a comprehensive range of cyber threats to turn global threat data into predictive, actionable intelligence that detects, identifies and helps stop cyber threats. Blueliv’s clients include leading bank, insurance, telecom, utility and retail enterprises in Europe, and the company has alliances with leading security vendors and other organizations to share cyber intelligence.