Challenge

Quick Identification and Contextualization of Potential Threats

As a cloud SIEM specialist company, Logpresso collects massive amounts of log and threat data from various sources and acknowledges the need for additional contextual information that can help identify actual threats like phishing and brand impersonation.

Logpresso knew it needed to keep expanding its cyber threat intelligence (CTI) services to enable proactive cyber defense and allow security teams to detect threats and prioritize alerts.


Solution

Integrating Deep Domain Intelligence

Logpresso partnered with WhoisXML API, specifically leveraging its WHOIS and domain reputation data, to provide users with contextual threat information. Enriching its datasets with WHOIS data allows security teams to, for example, identify discrepancies between the registrant information of a suspicious domain and that of the legitimate organization it’s impersonating. Meanwhile, domain reputation scores can support the identification of domains associated with phishing campaigns or known for hosting malicious content.

Results

Improved Threat Detection and Response

Prioritized Threat Hunting Capabilities

Integrating WhoisXML API domain reputation data into Logpresso enhances threat prioritization, enabling SIEM systems to automatically flag domains with low reputation scores for further investigation.
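The enrichment logic described above (registrant discrepancy check plus low-reputation flagging), as an added example that is not Logpresso's or WhoisXML API's own code. It assumes WHOIS records have already been fetched and normalised into plain dicts, that the reputation score is on a 0-100 scale where lower is worse, and that the threshold is an analyst-chosen cut-off; all sample data is constructed.

```python
"""Added example: enrich a SIEM event with WHOIS fields and a reputation
score, then decide whether the domain should be flagged for investigation.
Assumptions: WHOIS records are pre-fetched and normalised; the reputation
score is 0-100 with lower being worse (assumed scale); sample data is constructed.
"""
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Whois:
    domain: str
    registrant_org: str
    registrant_email: str
    registrar: str


def _email_domain(addr: str) -> str:
    return addr.rsplit("@", 1)[-1].lower()


def registrant_discrepancies(suspect: Whois, brand: Whois) -> list[str]:
    """List the WHOIS fields where the suspect domain differs from the brand's own record."""
    reasons = []
    if suspect.registrant_org.strip().lower() != brand.registrant_org.strip().lower():
        reasons.append("registrant_org")
    if _email_domain(suspect.registrant_email) != _email_domain(brand.registrant_email):
        reasons.append("registrant_email_domain")
    if suspect.registrar.lower() != brand.registrar.lower():
        reasons.append("registrar")
    return reasons


def triage(suspect: Whois, brand: Whois, reputation: Optional[int], threshold: int = 40) -> dict:
    """'high' if low reputation AND registrant mismatch, 'medium' if only one, else 'low'.
    A missing reputation score (None) is treated as unknown, not as low."""
    reasons = registrant_discrepancies(suspect, brand)
    low_rep = reputation is not None and reputation < threshold
    if low_rep and reasons:
        priority = "high"
    elif low_rep or reasons:
        priority = "medium"
    else:
        priority = "low"
    return {"domain": suspect.domain, "priority": priority, "reasons": reasons, "low_reputation": low_rep}


# Constructed sample: the brand's own WHOIS record versus a look-alike domain.
BRAND = Whois("example-bank.example", "Example Bank Ltd", "hostmaster@example-bank.example", "Registrar A")
LOOKALIKE = Whois("examp1e-bank.example", "Privacy Service", "abuse@privacy-proxy.example", "Registrar B")

if __name__ == "__main__":
    print(triage(LOOKALIKE, BRAND, reputation=12))
```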

Enhanced Brand and Phishing Protection

WHOIS-enriched CTI services allow users to deepen investigations into domains potentially impersonating a legitimate brand, helping prevent trademark infringement and phishing.