QuoLab empowers security professionals to analyze, investigate and respond to threats within an integrated ecosystem. QuoLab merges deep analytics and intuitive workflows in a collaborative, data-centric platform.
QuoLab fuses external threat intelligence (TI), internal data sources, and user-supplied data in one comprehensive location. QuoLab automates the management of TI feeds through an extensive library of dedicated connectors, with full support for MISP, STIX, OTX, YARA, and many more open formats. Our REST API allows the more enterprising to configure and manage their own data integrations, while connectors for internal security controls (SIEM, firewalls, EDRs, etc.) ensure that your critical data points are tracked alongside external intelligence rather than in isolation. Partner connectors enable deep integration with mainline products such as Splunk, Elastic and more. See our partner integration list below for more information.
The QuoLab graph data model and analytics engine combine with technical analysis tool integrations for automated content extraction, advanced malware and function analysis, mapping of historical events, detailed link analysis, custom analytics and much more.
With full integration of custom tags and the MITRE ATT&CK framework, data enrichment has never been easier. Case management and automated alerting combine with custom dashboards for efficient management of your threat landscape, providing a unified workspace for all members of the team regardless of work role or experience level.
Security professionals benefit from the experiences and insights of their peers and partners by securely and confidentially sharing case information within communities of interest, in the manner and to the extent that the organization chooses. This is accomplished via the GRID, our decentralized and secure data exchange framework. Further, since our connectors support bi-directional data exchange, you can publish TI data at will, for instance within a given MISP community. When implemented at scale, QuoLab facilitates the crowdsourcing of security operations.
Case Management drives collaborative investigation lifecycle management through diverse case types such as Threat Actor Profiles and Investigations. Historical data is always kept in context through the Case Graph, providing insight into past and current operations that would otherwise have been overlooked. From here analysts create and launch data-centric, case-based workflows leveraging diverse taxonomies, TLP (Traffic Light Protocol) classifications and more.
Tool integrations seamlessly allow interaction with both baseline and more specialized tools, delivering an application framework that fits the needs of incident responders, TI analysts and SOC operators alike. Integration examples include Shodan, VMRay and BinaryNinja, as well as internal tools such as fuzzy hashing (TLSH), PE metadata extraction, domain analysis and automated content extraction. This capability streamlines operations, making efficient use of SME capabilities, analytic resources, tools and processes.
Link analysis is the visual gateway into your data, moving beyond a single artifact to show how each part fits into the whole: tracking and contextualizing relationships between elements, data and users. Automated tagging and static and dynamic analysis results (e.g. from VMRay and BinaryNinja) are rendered along with all relevant data feeds in the Link Analyzer, providing an easily consumed view of highly technical data points.
Dashboards inform and advise users on all aspects of their QuoLab instance, providing not only counts of artifacts, case types and enrichment points, but also strategic information on the value provided by a given threat intelligence feed or internal security control. These dashboards are customizable, with all data points in the platform tracked and represented in concise, easy-to-read charts and graphs.