Back

Anomali

COMING SOON

TIP

Read Docs
Read Datasheet
OVERVIEW
SpyCloud’s integration with Anomali empowers security teams to enrich threat intelligence workflows with actionable identity exposure data from the criminal underground. By incorporating SpyCloud’s recaptured breach and malware data into Anomali’s platform, organizations gain deeper visibility into compromised employee credentials and other identity indicators that signal risk. This integration helps threat intelligence and SOC teams correlate identity-related exposures with broader threat activity, prioritize investigations, and accelerate incident response.
BENEFITS
  • Accelerate Response
    Reduce MTTD and MTTR by acting on malware‑infected devices before identity theft or ransomware can escalate.
  • Enhance Detection
    Detect infostealer malware and identity exposures that evade traditional EDR, extending you team’s visibility
  • Prevent Lateral Movement
    Automatically isolate compromised endpoints to limit malicious activity and block common ransomware entry points.
  • Flexible Workflows
    Route alerts to Slack, Jira, or email and integrate with incident response tooling to fit your organizational processes.
SEE IT IN ACTION
SCREENSHOTS
Detected user asset cybersecurity malware protection diagram, SpyCloud Compass, threat detection, and response flow.
HOW IT WORKS
  • Detect Identity‑Sourced Malware Signals
    SpyCloud monitors recaptured darknet data for stolen identity artifacts (e.g., plaintext credentials, session cookies/tokens) tied to devices in your Falcon environment.
  • Correlate with Falcon Endpoints
    Enriched identity data rom SpyCloud is mapped to host metadata (hostname, device ID, user) within Falcon so you can understand which device and user are impacted.
  • Alert and Enrich SOC Workflows
    Alerts are generated and routed into your tracking and response channels to give SOC teams high‑confidence signals tied to identity exposures.
  • Contain and Remediate
    Use Falcon’s containment capabilities to isolate compromised endpoints, initiate remote memory dumps, revoke sessions, reset exposed credentials, and trigger broader incident response playbooks.
  • Report and Measure
    Track metrics like compromised devices, matched identity artifacts, isolation timelines, and remediation actions to validate detection efficacy and improve SOC processes.
Key Capabilities
  • Daily Compromise Reports
    See lists of compromised endpoints and recaptured identity artifacts (including hostnames, usernames, IP addresses, and infection details) matched to your environment.
  • Customizable Containment
    Define rules to automatically isolate infected devices or funnel events through manual review before quarantine. Your response, your rules.
  • Remote Memory Dump Support
    Trigger memory dumps on suspect endpoints from within Falcon using device ID and receive confirmation upon completion.
  • Adjustable Time Window
    Filter and search malware exposure data by date range to surface the most relevant recent events.