ITDigest | InQuest Integrates with ThreatConnect


Originally posted on ITDigest.

Written by News Desk

InQuest, renowned for in-depth file analysis of malware and threat intelligence that draws from a rich tapestry of both open-source and proprietary sources, is thrilled to announce a new integration with ThreatConnect’s TI Ops Platform. With this integration, InQuest’s critical indicators of compromise (IOCs) are instantly accessible for downstream use by popular SIEMs, endpoint, network, and cloud security tools. This enhances an organization’s threat detection and prevention capabilities and provides CTI analysts with dynamic updates for their Threat Library in ThreatConnect’s Platform.

InQuest’s InSights has carved a unique position for itself by offering unmatched visibility into indicators extracted from comprehensive file-based analyses. Drawn from its customer base, alliances, and proprietary analysis platforms, the intelligence gleaned provides security teams with insights into real-world attacks. In particular, these insights emphasize threats from advanced actors known for their evasion tactics and penchant for targeting high-stakes sectors.

Several internal sources lie at the heart of InQuest’s state-of-the-art threat intelligence feeds, including the InQuest InSights C2 Feed, InQuest InSights TI Feed, InQuest Labs RepDB, InQuest Labs IOCDB, and InQuest Labs DFIDB.

InQuest InSights C2 Feed is dedicated to spotlighting InQuest’s innovative analysis of malware command and control (C2) infrastructure. This feed is composed primarily of InQuest’s threat intelligence analyst work product, together with proprietary sources worked in conjunction with it.

The InQuest InSights TI Feed is composed of indicators relating to adversary infrastructure used for malware staging, phishing, VPN and proxy endpoints, and attack origination, including mail delivery, scanning and exploitation, and network penetration. This feed includes data from InQuest intelligence analysis and its partner networks.

InQuest Labs RepDB is a robust collection of reputation data leveraged by the InQuest TI team to validate and contextualize InQuest Threat Intelligence. It consists of two dozen of the most trusted reputation datasets available privately and commercially, as well as the output of InQuest’s state-of-the-art Deep File Inspection® (DFI) technology.

InQuest Labs IOCDB is a rich OSINT-focused feed that draws on hundreds of sources pulled from the Internet, filtered and contextualized to provide high-quality indicators and data in a timely manner.

InQuest Labs DFIDB is composed of indicators extracted from publicly shared files as well as files uploaded for analysis by InQuest DFI.

Together, the synthesis of reputation data, open source intelligence, and unparalleled data from InQuest’s file and infrastructure analyses presents a panoramic and in-depth understanding of the contemporary threat landscape.

Introducing InSights into ThreatConnect equips CTI and Security Operations teams with an invaluable addition to their threat libraries that fortifies threat detection, prevention, and response. The integration allows teams to harness ThreatConnect’s innate enrichment capabilities, enabling them to craft detailed internal reports, facilitate thorough response investigations, and utilize InQuest for focused IOC hunting scenarios.