Introducing

Abstract Intel Gallery

Put your Threat Intelligence to work

Weave your indicators and events together in the Abstract data fabric.

"threatActor": "Wizard Spider"
"ioc": "44d88612fea8a8f36de82e1278abb02f",
"action": "user.disable_mfa",
"eventId": "evtw9k2jMzh0SIHSov0g"
IOC Type
"displayName": "Example Corporation"
 "id": "00u1abc23DEFG456HIJK"
 "id": "23456789"
 "id": "23456789"
"threatActor": "Wizard Spider"
"ioc": "44d88612fea8a8f36de82e1278abb02f",
"action": "user.disable_mfa",
"eventId": "evtw9k2jMzh0SIHSov0g"
IOC Type
"displayName": "Example Corporation"
 "id": "00u1abc23DEFG456HIJK"
 "id": "23456789"
 "id": "23456789"
"reason": "User successfully authenticated via SSO"
"id": "00u1abc23DEFG456HIJK"
"requestUri": "/app/sso/abcdefg12345/sso/saml"
"credentialProvider": "OKTA",
"login": "user_to_disable_mfa",
"ioc": "e99a18c428cb38d5f260853678922e03abd83356e89c4649d7dfe808d59639ff"
"reason": "User successfully authenticated via SSO"
"id": "00u1abc23DEFG456HIJK"
"requestUri": "/app/sso/abcdefg12345/sso/saml"
"credentialProvider": "OKTA",
"login": "user_to_disable_mfa",
"ioc": "e99a18c428cb38d5f260853678922e03abd83356e89c4649d7dfe808d59639ff"
 "authenticationStep": 1,
"type": "File Hash (MD5)"
 "id": "00u1abc23DEFG456HIJK"
Bytes Received: 1024
"displayName": "Example Corporation"
 "ioc": "hxxp://badwebsite.com/malware/download.exe"
"login": "user_to_disable_mfa",
 "ioc": "hxxp://badwebsite.com/malware/download.exe"
 "id": "23456789"
"ioc": "44d88612fea8a8f36de82e1278abb02f",
 "authenticationStep": 1,
"type": "File Hash (MD5)"
 "id": "00u1abc23DEFG456HIJK"
Bytes Received: 1024
"displayName": "Example Corporation"
 "ioc": "hxxp://badwebsite.com/malware/download.exe"
"login": "user_to_disable_mfa",
 "ioc": "hxxp://badwebsite.com/malware/download.exe"
 "id": "23456789"
"ioc": "44d88612fea8a8f36de82e1278abb02f",
"url": "https://api.github.com/orgs/example-org/audit-log"
 "id": "23456789"
"avatar_url": "https://github.com/images/error/octocat_happy.gif"
arn:aws:sts::565510932994:assumed-role/eksctl-abstract-saas-prod-eks-cluster-addon-i-Role1-mAL1z4hvOx3A/botocore-session-1720611931"
"displayName": "Example Corporation"
 "ioc": "hxxp://badwebsite.com/malware/download.exe"
"login": "user_to_disable_mfa",
"url": "https://api.github.com/orgs/example-org/audit-log"
 "id": "23456789"
"avatar_url": "https://github.com/images/error/octocat_happy.gif"
arn:aws:sts::565510932994:assumed-role/eksctl-abstract-saas-prod-eks-cluster-addon-i-Role1-mAL1z4hvOx3A/botocore-session-1720611931"
"displayName": "Example Corporation"
 "ioc": "hxxp://badwebsite.com/malware/download.exe"
"login": "user_to_disable_mfa",
"displayName": "Example Corporation"
"id": "XnRn8Q8GG4qfP-4D5zH4wAAAABI"
"threatActor": "FinFisher Developers"
"authenticationMethod": "PASSWORD"
"displayName": "Example Corporation"
 "id": "00u1abc23DEFG456HIJK"
"displayName": "John Doe",
"reason": "User successfully authenticated via SSO"
"displayName": "Example Corporation"
"id": "XnRn8Q8GG4qfP-4D5zH4wAAAABI"
"threatActor": "FinFisher Developers"
"authenticationMethod": "PASSWORD"
"displayName": "Example Corporation"
 "id": "00u1abc23DEFG456HIJK"
"displayName": "John Doe",
"reason": "User successfully authenticated via SSO"
"url": "https://api.github.com/orgs/example-org/audit-log"
"threatActor": "Evil Corp (Dridex Gang)"
 "id": "23456789"
"login": "user_to_disable_mfa",
"type": "File Hash (SHA-256)"
 "malwareFamily": "Dridex"
 "authenticationStep": 1,
 "ioc": "hxxp://badwebsite.com/malware/download.exe"
arn:aws:sts::565510932994:assumed-role/eksctl-abstract-saas-prod-eks-cluster-addon-i-Role1-mAL1z4hvOx3A/botocore-session-1720611931"
"url": "https://api.github.com/orgs/example-org/audit-log"
"threatActor": "Evil Corp (Dridex Gang)"
 "id": "23456789"
"login": "user_to_disable_mfa",
"type": "File Hash (SHA-256)"
 "malwareFamily": "Dridex"
 "authenticationStep": 1,
 "ioc": "hxxp://badwebsite.com/malware/download.exe"
arn:aws:sts::565510932994:assumed-role/eksctl-abstract-saas-prod-eks-cluster-addon-i-Role1-mAL1z4hvOx3A/botocore-session-1720611931"
"reason": "User successfully authenticated via SSO"
"login": "user_to_disable_mfa",
"malwareFamily": "DarkComet",
 "requestUri": "/app/sso/abcdefg12345/sso/saml"
 "credentialProvider": "OKTA",
"login": "user_to_disable_mfa",
"displayName": "Example Corporation"
"requestUri": "/app/sso/abcdefg12345/sso/saml",
"reason": "User successfully authenticated via SSO"
"login": "user_to_disable_mfa",
"malwareFamily": "DarkComet",
 "requestUri": "/app/sso/abcdefg12345/sso/saml"
 "credentialProvider": "OKTA",
"login": "user_to_disable_mfa",
"displayName": "Example Corporation"
"requestUri": "/app/sso/abcdefg12345/sso/saml",
"displayName": "Example Corporation"
"threatActor": "FinFisher Developers"
"id": "XnRn8Q8GG4qfP-4D5zH4wAAAABI"
 "id": "00u1abc23DEFG456HIJK"
"authenticationMethod": "PASSWORD"
"displayName": "John Doe",
"displayName": "Example Corporation"
"displayName": "Example Corporation"
"threatActor": "FinFisher Developers"
"id": "XnRn8Q8GG4qfP-4D5zH4wAAAABI"
 "id": "00u1abc23DEFG456HIJK"
"authenticationMethod": "PASSWORD"
"displayName": "John Doe",
"displayName": "Example Corporation"
 "authenticationStep": 1,
"type": "File Hash (MD5)"
 "id": "00u1abc23DEFG456HIJK"
Bytes Received: 1024
"displayName": "Example Corporation"
 "ioc": "hxxp://badwebsite.com/malware/download.exe"
"login": "user_to_disable_mfa",
 "ioc": "hxxp://badwebsite.com/malware/download.exe"
 "id": "23456789"
"ioc": "44d88612fea8a8f36de82e1278abb02f",
 "authenticationStep": 1,
"type": "File Hash (MD5)"
 "id": "00u1abc23DEFG456HIJK"
Bytes Received: 1024
"displayName": "Example Corporation"
 "ioc": "hxxp://badwebsite.com/malware/download.exe"
"login": "user_to_disable_mfa",
 "ioc": "hxxp://badwebsite.com/malware/download.exe"
 "id": "23456789"
"ioc": "44d88612fea8a8f36de82e1278abb02f",

Add context to data pipelines with streaming intelligence

As part of Abstract’s data fabric, leverage no-code ETL to enrich events with real-time threat intelligence, enhancing detection accuracy and relevance.

hxxps://example.com/malicious/file.zip
user.authentication.sso
10.10.10.10
192.168.1.1
293.0.113.5
hxxps://example.com/malicious/file.zip
user.authentication.sso
293.0.113.5
293.0.113.5
293.0.113.5
203.0.113.5
evilwebsite.org
293.0.113.5
44d88612fea8a8f36de82e1278abb02f
10.10.10.10
evilwebsite.org
293.0.113.5
44d88612fea8a8f36de82e1278abb02f
293.0.113.5
"threatActor": "Wizard Spider"
192.168.1.1
Known Good
192.168.1.1
"threatActor": "Wizard Spider"
293.0.113.5
"threatActor": "Wizard Spider"
293.0.113.5
Known Good
293.0.113.5
"threatActor": "Wizard Spider"
10.0.0.5
"authenticationProvider": "OKTA"
IOC
malicious-domain.com TrickBot
10.10.10.10
Known Good
293.0.113.5
"threatActor": "APT29 (Cozy Bear)"
10.0.0.5
"authenticationProvider": "OKTA"
IOC
malicious-domain.com TrickBot
293.0.113.5
Known Good
293.0.113.5
"threatActor": "APT29 (Cozy Bear)"

Supercharge analytics and correlate events against known threat actors

Seamlessly correlates events against known adversary infrastructure, providing real-time insight into security breaches and outpacing adversary breakout times.

Network Logon
Access Denied
Node Shutdown
Access Granted
Detection: Ransomware Detected
Detection: Threat Actor Activity
Detection: Actor TTP Identified

Robust Integrations available in minutes

High-quality threat intelligence through partnerships and integrations with key intelligence vendors. Configure, ingest, and operationalize in minutes.

Support for key intelligence vendors
Upload in-house intelligence

CHECK OUT ABSTRACT CANVAS - THREAT INTELLIGENCE:
THE NEXT EVOLUTION

START CORRELATING TODAY

Abstract is a unified security analytics platform built by industry veterans working at the intersection of AI and cybersecurity.
Meet with the founding team and learn how Abstract Security will fundamentally shift the way security teams collect, analyze, and manage cybersecurity data.















