The Investigation Insights – Internet Storm Center integration provides a free, unique look at different IP addresses, enabling analysts to quickly understand how an IP address might have behaved in the past and leading to unique insights when deriving context about an IP address.
Examples – Internet Storm Center Data Overview
- Summary Tags: When looking up an IP in ISC, analysts will quickly see the number of associated threat feeds that IP has been seen on.
- IP Risk Overview: When drilling into the details of the IP address, analysts can quickly understand the high-level context of the IP, learning about the associated Max Risk, the number of distinct packets associated (attacks), and the total number of packets blocked by the IP.
- ASN Details: While also looking at the details, analysts can quickly get an overview of the ASN information associated with the IP.
- SSH Details: While in the details view, analysts can also get an overview of the different SSH attempts noticed with the IP, if any are associated.
- Threat Feeds: Finally, analysts can quickly get an understanding of which feeds ISC gathered the information from.
