i3 and GTIN – Existing Technology Integrations

Our latest IRM platform, i3, is currently helping Zepko’s analysts lead by example and become one of the fastest, most dynamic, best-informed and most reliable Security Operations Centres in the country.

We like to lead, not follow.

As an example, i3 was one of the first, if not the first, IRM platforms to ship with OpenC2 security automation as standard, which is just one of the reasons why we believe we are ahead of so many of our competitors. OpenC2 allows our analysts to respond to incidents by issuing firewall commands with a single click. All of the incidents analysts see in i3 are easily expressed in STIX format, and any new intelligence we come across and investigate can be quickly converted to STIX Indicator format.

If you are interested in replacing your current system for security incident alerting then we highly recommend i3. To find out more about its features, take a look at our previous blog post: https://news.zepko.com/security-incident-management-platform/. We can provide you with assistance every step of the way during the deployment of i3 and provide full, in-depth training on the use of the platform.

Our i3 platform also integrates with Zepko’s Global Threat Intelligence Network (GTIN), which is another of our managed services. The integration of GTIN with the i3 platform gives analysts access to a wealth of information, allowing them to quickly correlate and, more importantly, understand threat intelligence.

All this is well and good, but how would clients who have previously invested in other technologies, say LogRhythm, make use of technologies such as GTIN?

Well, good news. Zepko’s threat intelligence is available as a TAXII feed and can readily be consumed using existing technology investments such as LogRhythm (a Zepko integration partner). Our threat intelligence feeds include anything from IP addresses of hacking-forum visitors to nation-state campaign indicators and ransomware domains, to name a few. Each of our feeds is usually updated at least once every 24 hours with all the information on the latest threats and trends.

If you are a LogRhythm customer and wish to consume our intelligence feeds, we can provide you with a simple walkthrough guide on configuring LogRhythm’s Threat Intelligence Service Manager to ingest our feeds. This is done by clicking ‘STIX/TAXII Provider’, adding a custom feed named ‘custom watchlist’, and then simply entering the details we provide you.

In this menu, LogRhythm also provides a handy way of testing that a threat intelligence feed is working: simply click the ‘test’ button.

If everything is working correctly, a pop-up will appear once the feed has downloaded, and the feeds table should now be populated with the available Zepko intelligence feeds.

Make sure you tick the checkbox in the column named ‘Enable’ for each feed you wish to poll intelligence from. Feeds can also be easily configured to update automatically at a chosen frequency. Optionally, you can click the ‘Download Now’ button to update the feed immediately.

Any time configuration changes are made, it is important, as always, to click the ‘Save’ button to make sure the changes are kept.

Consuming our TAXII feeds is usually pretty straightforward; however, if you run into any difficulty during deployment, we are able to help with any problems you may come across. If you are an existing LogRhythm customer and would like to learn more about i3, GTIN or any of our other technologies, please don’t hesitate to get in touch.