Use Cases | Anomali
Anomali ThreatStream

Identify threat intelligence in unstructured data in seconds

Use case

Answer the question, “Have we been impacted?”

Problem

When a new threat is discovered in the wild, security teams and executives need to know as soon as possible if the attackers have already penetrated their network.

Solution

When Lens does a scan, it automatically checks Anomali Match to determine if any of the discovered threat intelligence has been seen on your network.

  • See the number of matches found in your environment for any scanned threat indicator or TTP
  • Understand the threat type and severity at a glance
  • Open Match at the click of a button for further investigation, pivoting, and research

Use case

Operationalize the MITRE ATT&CK framework

Problem

While a critical ‘best practice’, threat analysis using the MITRE ATT&CK framework can be an extremely manual and time-intensive process.

Solution

Lens operationalizes the MITRE ATT&CK framework for you, automatically identifying the MITRE ATT&CK techniques found in scanned pages and importing the data into your Anomali ThreatStream instance at the click of a button.

  • Automatically identify techniques in web pages, blogs, and reports or quickly import unstructured lists
  • Automatically associate scanned techniques with MITRE ATT&CK IDs
  • Import MITRE ATT&CK TTPs into a ThreatStream investigation with the click of a button
  • Pivot, investigate, and visualize the imported threat intelligence in MITRE ATT&CK heatmaps in ThreatStream
Use case

Routinely Build Protection from Unstructured Sources

Problem

A regular research routine of pulling new threat information from reports, lists, and web pages can be fruitful, but extremely time-consuming.

Solution

Use Lens in your weekly routine to identify and ingest email addresses, URLs, and hashes from lists provided by a specific source and also from specific web pages. Lens customers report that in the past it took on average 2.5 FTE to perform this work – with Lens it now takes just half the time of a single analyst, freeing resources to focus elsewhere. Typical steps include:

  • The analyst logs into the source portal and looks at a posted list of known phishing email addresses, malicious URLs, hashes, etc.
  • The analyst scans those lists with Lens and automatically imports them via investigations into ThreatStream.
  • The items are tagged, then your SOAR automatically validates whether they match anything in your SIEM and creates tickets for the Incident Response team to investigate as necessary.

Use case

Create a Threat Bulletin for Threat Management & Executive Briefings

Problem

Researching a new threat and developing a threat bulletin and executive reports is a common requirement, but the work is too manual and time-consuming.

Solution

Based on news reports or other sources of information about a threat or incident, you research the web, go to the relevant pages, use Lens to scan them and understand what you are seeing, and start building protection around it. You can then leverage Anomali’s Finished Intelligence to build a Threat Bulletin for the management of the threat, then take a subset of the information to build a PPT presentation for executives.


Go with Anomali and improve your security posture

Organizations rely on Anomali to harness the power of threat intelligence to make effective cybersecurity decisions that reduce risk and strengthen defenses.