Get QuoLab.
QuoLab empowers security professionals to analyze, investigate and respond to threats within an integrated ecosystem. QuoLab merges deep analytics and intuitive workflows in a collaborative, data-centric platform.
Fuse
QuoLab fuses external threat intelligence (TI), internal data sources, and user-supplied data in one comprehensive location. QuoLab automates the management of TI feeds through an extensive library of dedicated connectors, with full support for MISP, STIX, OTX, YARA, and many more “open” formats. Our robust REST API allows the more enterprising to configure and manage their own data integrations, while connectors for internal security controls (SIEM, firewalls, EDRs, etc.) ensure that your critical data points are being holistically tracked. Partner connectors enable deep integration with mainline products such as Splunk, Elastic and more. See our partner integration list below for more information.
Analyze
The QuoLab graph data model and analytics engine combines with powerful technical analysis tool integrations for automated content extraction, advanced malware and function analysis, mapping of historical events, detailed link analysis, custom analytics and much more.
With full integration of custom tags and the MITRE ATT&CK framework, data enrichment has never been easier. Case management and automated alerting combine with custom dashboards for efficient management of your security threat landscape, providing a unified workspace for all members of the team regardless of work role or experience level.
Collaborate
Security professionals benefit from the experiences and insights of their peers and partners by securely and confidentially sharing case information, in the manner and to the extent that the organization desires within communities of interest. This is accomplished via the GRID, our innovative, decentralized and secure data exchange framework. Further, since our connectors support bi-directional data exchange, you can publish TI data at will – for instance within a given MISP community. When implemented at scale, QuoLab facilitates the crowdsourcing of security operations.
Platform Features
Graph Data Model
The Graph Data Model (GDM), the heart of QuoLab, is a flexible data storage catalogue where relationships between all data points are identified in their entirety. Each time a new fact is inserted into the GDM, it triggers a set of automated actions that contextualize and enrich it, with all the information made immediately available to the user. Restrictive, uninspired, user-defined queries through archaic databases are a thing of the past – with QuoLab all relevant content is immediately available, always up-to-date, and easily digestible by all users.


Case Management
Case Management drives collaborative investigation lifecycle management through diverse case types such as Threat Actor Profiles and Investigations. Historical data is always kept in context with the Case Graph, providing valuable insight into past and current operations that otherwise would have been overlooked. From here analysts create and launch data-centric, case-based workflows leveraging diverse taxonomy, TLP classification protocols and more.
Tool Integrations
Tool integrations seamlessly allow interaction with baseline and more specialized tools, delivering an application framework which fits the needs of incident response, TI analysts and SOC operators in one. Integration examples include Shodan, VMRay, BinaryNinja as well as internal tools such as fuzzy hashing (tlsh), PE metadata extraction, domain analysis and automated content extraction. This capability streamlines operations, making efficient use of SME capabilities, analytic resources, tools and processes.


Link Analyzer
Link analysis is the visual gateway into your data, moving beyond a single artifact to look at how each part fits into the whole, tracking and contextualizing relationships between elements, data and users. The value provided from automated tagging, static and dynamic analysis results (e.g. VMRay and BinaryNinja) is rendered along with all relevant data feeds in the Link Analyzer, providing an easily consumed view on highly technical data points.
Dashboards
Dashboards inform and advise users on all aspects of their QuoLab instance, providing not only the number of artifacts, case types, and enrichment points but also strategic information on the value provided by a given Threat Intelligence feed or internal security control. These dashboards are customizable, with all data points in the platform being tracked and represented in concise, easy to read charts and graphs.

Integration Partners
McAfee

Product Integration
McAfee Enterprise Security Manager is a security information and event management (SIEM) solution.
Splunk

Product Integration
Splunk Enterprise Security (ES) is an analytics-driven SIEM made of five distinct frameworks that can be leveraged independently to meet a wide range of security.
ATT&CK

Product Integration
MITRE ATT&CK is a globally-accessible knowledge base of adversary tactics and techniques based on real-world observations.
DomainTools

Threat Intelligence Feed
DomainTools is a leading provider of Whois and other DNS profile data for threat intelligence enrichment.
AlienVault

Threat Intelligence Feed
The AlienVault Open Threat Exchange (OTX) is the world’s most authoritative open threat information sharing and analysis network.
BinaryNinja

Intel 471

Threat Intelligence Feed
Intel 471 provides adversary and malware intelligence for leading security, fraud and intelligence teams.
Lastline

Product Integration
Lastline Analyst™ provides your threat analysts and incident response teams with an advanced malware inspection and isolation environment.
LogPoint

Product Integration
LogPoint is a Security Information and Event Management (SIEM) solution, extracting existing log data and reporting on all critical incidents.
Maltego

Threat Analysis Tools
Maltego is a popular commercial tool used by threat intelligence analysts to gather, interrogate and visualize data; it runs as a GUI application on desktops.
MaxMind

Threat Intelligence Feeds
MaxMind’s GeoIP2 Databases provide IP intelligence data for high volume, low latency environments.
MISP

Threat Intelligence Feeds
The MISP threat sharing platform is free and open source software that helps share threat intelligence, including cyber security indicators.
NSRL

Threat Intelligence
The National Software Reference Library (NSRL) is designed to collect software from various sources and incorporate file profiles computed from this software into a Reference Data Set (RDS) of information.
IBM

Reversing Labs

Threat Intelligence Feeds
Undetected malware lurks in files across organizations, unknown and unseen by current security tools.
RSS

Threat Intelligence Feeds
RSS is a type of web feed which allows users and applications to access updates to online content in a standardized, computer-readable format.
STIX

Threat Intelligence Feeds
STIX TAXII or Structured Threat Information Expression and Trusted Automated eXchange of Indicator Information are community-supported specifications designed to enable automated information.
TAXII

Threat Intelligence Feeds
STIX TAXII or Structured Threat Information Expression and Trusted Automated eXchange of Indicator Information are community-supported specifications designed to enable automated information.
Tor

TorProject
Tor is free and open-source software for enabling anonymous communication.
Virus Total

Product Integration
Analyze suspicious files and URLs to detect types of malware, automatically share them with the security community.
VMRay

Product Integration
VMRay is leading change in the Automated Malware Analysis market with its revolutionary approach to threat analysis and detection.
Shodan

Product Integration
Shodan is a search engine that lets the user find specific types of computers (webcams, routers, servers, etc.) connected to the internet using a variety of filters.