
Abstract Intel Gallery

Weave your indicators and events together with the Abstract Data Fabric

"threatActor": "Wizard Spider"
"ioc": "44d88612fea8a8f36de82e1278abb02f",
"action": "user.disable_mfa",
"eventId": "evtw9k2jMzh0SIHSov0g"
IOC Type
"displayName": "Example Corporation"
 "id": "00u1abc23DEFG456HIJK"
 "id": "23456789"
 "id": "23456789"
"threatActor": "Wizard Spider"
"ioc": "44d88612fea8a8f36de82e1278abb02f",
"action": "user.disable_mfa",
"eventId": "evtw9k2jMzh0SIHSov0g"
IOC Type
"displayName": "Example Corporation"
 "id": "00u1abc23DEFG456HIJK"
 "id": "23456789"
 "id": "23456789"
"reason": "User successfully authenticated via SSO"
"id": "00u1abc23DEFG456HIJK"
"requestUri": "/app/sso/abcdefg12345/sso/saml"
"credentialProvider": "OKTA",
"login": "user_to_disable_mfa",
"ioc": "e99a18c428cb38d5f260853678922e03abd83356e89c4649d7dfe808d59639ff"
"reason": "User successfully authenticated via SSO"
"id": "00u1abc23DEFG456HIJK"
"requestUri": "/app/sso/abcdefg12345/sso/saml"
"credentialProvider": "OKTA",
"login": "user_to_disable_mfa",
"ioc": "e99a18c428cb38d5f260853678922e03abd83356e89c4649d7dfe808d59639ff"
 "authenticationStep": 1,
"type": "File Hash (MD5)"
 "id": "00u1abc23DEFG456HIJK"
Bytes Received: 1024
"displayName": "Example Corporation"
 "ioc": "hxxp://badwebsite.com/malware/download.exe"
"login": "user_to_disable_mfa",
 "ioc": "hxxp://badwebsite.com/malware/download.exe"
 "id": "23456789"
"ioc": "44d88612fea8a8f36de82e1278abb02f",
 "authenticationStep": 1,
"type": "File Hash (MD5)"
 "id": "00u1abc23DEFG456HIJK"
Bytes Received: 1024
"displayName": "Example Corporation"
 "ioc": "hxxp://badwebsite.com/malware/download.exe"
"login": "user_to_disable_mfa",
 "ioc": "hxxp://badwebsite.com/malware/download.exe"
 "id": "23456789"
"ioc": "44d88612fea8a8f36de82e1278abb02f",
"url": "https://api.github.com/orgs/example-org/audit-log"
 "id": "23456789"
"avatar_url": "https://github.com/images/error/octocat_happy.gif"
arn:aws:sts::565510932994:assumed-role/eksctl-abstract-saas-prod-eks-cluster-addon-i-Role1-mAL1z4hvOx3A/botocore-session-1720611931"
"displayName": "Example Corporation"
 "ioc": "hxxp://badwebsite.com/malware/download.exe"
"login": "user_to_disable_mfa",
"url": "https://api.github.com/orgs/example-org/audit-log"
 "id": "23456789"
"avatar_url": "https://github.com/images/error/octocat_happy.gif"
arn:aws:sts::565510932994:assumed-role/eksctl-abstract-saas-prod-eks-cluster-addon-i-Role1-mAL1z4hvOx3A/botocore-session-1720611931"
"displayName": "Example Corporation"
 "ioc": "hxxp://badwebsite.com/malware/download.exe"
"login": "user_to_disable_mfa",
"displayName": "Example Corporation"
"id": "XnRn8Q8GG4qfP-4D5zH4wAAAABI"
"threatActor": "FinFisher Developers"
"authenticationMethod": "PASSWORD"
"displayName": "Example Corporation"
 "id": "00u1abc23DEFG456HIJK"
"displayName": "John Doe",
"reason": "User successfully authenticated via SSO"
"displayName": "Example Corporation"
"id": "XnRn8Q8GG4qfP-4D5zH4wAAAABI"
"threatActor": "FinFisher Developers"
"authenticationMethod": "PASSWORD"
"displayName": "Example Corporation"
 "id": "00u1abc23DEFG456HIJK"
"displayName": "John Doe",
"reason": "User successfully authenticated via SSO"
"url": "https://api.github.com/orgs/example-org/audit-log"
"threatActor": "Evil Corp (Dridex Gang)"
 "id": "23456789"
"login": "user_to_disable_mfa",
"type": "File Hash (SHA-256)"
 "malwareFamily": "Dridex"
 "authenticationStep": 1,
 "ioc": "hxxp://badwebsite.com/malware/download.exe"
arn:aws:sts::565510932994:assumed-role/eksctl-abstract-saas-prod-eks-cluster-addon-i-Role1-mAL1z4hvOx3A/botocore-session-1720611931"
"url": "https://api.github.com/orgs/example-org/audit-log"
"threatActor": "Evil Corp (Dridex Gang)"
 "id": "23456789"
"login": "user_to_disable_mfa",
"type": "File Hash (SHA-256)"
 "malwareFamily": "Dridex"
 "authenticationStep": 1,
 "ioc": "hxxp://badwebsite.com/malware/download.exe"
arn:aws:sts::565510932994:assumed-role/eksctl-abstract-saas-prod-eks-cluster-addon-i-Role1-mAL1z4hvOx3A/botocore-session-1720611931"
"reason": "User successfully authenticated via SSO"
"login": "user_to_disable_mfa",
"malwareFamily": "DarkComet",
 "requestUri": "/app/sso/abcdefg12345/sso/saml"
 "credentialProvider": "OKTA",
"login": "user_to_disable_mfa",
"displayName": "Example Corporation"
"requestUri": "/app/sso/abcdefg12345/sso/saml",
"reason": "User successfully authenticated via SSO"
"login": "user_to_disable_mfa",
"malwareFamily": "DarkComet",
 "requestUri": "/app/sso/abcdefg12345/sso/saml"
 "credentialProvider": "OKTA",
"login": "user_to_disable_mfa",
"displayName": "Example Corporation"
"requestUri": "/app/sso/abcdefg12345/sso/saml",
"displayName": "Example Corporation"
"threatActor": "FinFisher Developers"
"id": "XnRn8Q8GG4qfP-4D5zH4wAAAABI"
 "id": "00u1abc23DEFG456HIJK"
"authenticationMethod": "PASSWORD"
"displayName": "John Doe",
"displayName": "Example Corporation"
"displayName": "Example Corporation"
"threatActor": "FinFisher Developers"
"id": "XnRn8Q8GG4qfP-4D5zH4wAAAABI"
 "id": "00u1abc23DEFG456HIJK"
"authenticationMethod": "PASSWORD"
"displayName": "John Doe",
"displayName": "Example Corporation"
 "authenticationStep": 1,
"type": "File Hash (MD5)"
 "id": "00u1abc23DEFG456HIJK"
Bytes Received: 1024
"displayName": "Example Corporation"
 "ioc": "hxxp://badwebsite.com/malware/download.exe"
"login": "user_to_disable_mfa",
 "ioc": "hxxp://badwebsite.com/malware/download.exe"
 "id": "23456789"
"ioc": "44d88612fea8a8f36de82e1278abb02f",
 "authenticationStep": 1,
"type": "File Hash (MD5)"
 "id": "00u1abc23DEFG456HIJK"
Bytes Received: 1024
"displayName": "Example Corporation"
 "ioc": "hxxp://badwebsite.com/malware/download.exe"
"login": "user_to_disable_mfa",
 "ioc": "hxxp://badwebsite.com/malware/download.exe"
 "id": "23456789"
"ioc": "44d88612fea8a8f36de82e1278abb02f",

Add context to data pipelines with streaming intelligence

Abstract Security's data fabric gives your team a simple ETL interface for enriching events with real-time threat intelligence, improving detection accuracy and relevance.

hxxps://example.com/malicious/file.zip
user.authentication.sso
10.10.10.10
192.168.1.1
293.0.113.5
hxxps://example.com/malicious/file.zip
user.authentication.sso
293.0.113.5
293.0.113.5
293.0.113.5
203.0.113.5
evilwebsite.org
293.0.113.5
44d88612fea8a8f36de82e1278abb02f
10.10.10.10
evilwebsite.org
293.0.113.5
44d88612fea8a8f36de82e1278abb02f
293.0.113.5
"threatActor": "Wizard Spider"
192.168.1.1
Known Good
192.168.1.1
"threatActor": "Wizard Spider"
293.0.113.5
"threatActor": "Wizard Spider"
293.0.113.5
Known Good
293.0.113.5
"threatActor": "Wizard Spider"
10.0.0.5
"authenticationProvider": "OKTA"
IOC
malicious-domain.com TrickBot
10.10.10.10
Known Good
293.0.113.5
"threatActor": "APT29 (Cozy Bear)"
10.0.0.5
"authenticationProvider": "OKTA"
IOC
malicious-domain.com TrickBot
293.0.113.5
Known Good
293.0.113.5
"threatActor": "APT29 (Cozy Bear)"

Supercharge analytics and correlate events against known threat actors

Seamlessly correlate events with known adversary infrastructure, providing real-time insight into security breaches and outpacing adversary breakout times.

Network Logon
Access Denied
Node Shutdown
Access Granted
Detection: Ransomware Detected
Detection: Threat Actor Activity
Detection: Actor TTP Identified

Robust Integrations available in seconds

High-quality threat intelligence through partnerships with key intelligence vendors. Configure, ingest, and operationalize it in seconds.

Support for key intelligence vendors
Upload in-house intelligence
Connect to your ISAC