Documentacao renderizada
Esta pagina renderiza o Markdown e Mermaid do modulo diretamente da fonte publica de documentacao.
Overview#
The Threat Intelligence Integration module provides threat intelligence enrichment through external security intelligence APIs. It delivers domain reputation analysis, IP geolocation and risk assessment, historical DNS resolution data, URL scanning, and WHOIS lookup capabilities for intelligence gathering and threat analysis.
Key Features#
- Domain reputation analysis with risk scoring and categorization
- IP geolocation with risk assessment and threat indicators
- Historical DNS resolution data for infrastructure analysis
- URL scanning with threat detection and categorization
- WHOIS lookup for domain and IP ownership intelligence
- Bulk enrichment support for processing multiple indicators simultaneously
- Configurable risk thresholds for automated alerting
- Caching layer for frequently queried indicators to optimize performance
- Integration with the broader threat intelligence pipeline
Use Cases#
- Enriching investigation indicators (domains, IPs, URLs) with threat intelligence context
- Assessing domain and IP risk levels to prioritize investigation of suspicious infrastructure
- Analyzing historical DNS data to map threat actor infrastructure evolution
- Bulk-processing indicators of compromise for rapid threat assessment during incidents
Integration#
The Threat Intelligence Integration module connects with the platform's intelligence enrichment pipeline, alert management, and investigation workflows for automated indicator analysis.
Last Reviewed: 2026-02-05