Threat Intelligence Solutions

RST Report Hub

All threat reports in one library. Get summaries out of the technical reports, consume it in STIX format with metadata, objects and their relations extracted

THREAT INTELLIGENCE SOLUTIONS

RST Threat Feed

The ultimate source of comprehensive knowledge about cybersecurity threats from all over the world in a ready-to-use format and the ability to enrich data using our APIs

Threat Intelligence Solutions

RST Noise Control

Filter out irrelevant indicators and identifying "known good" software, files, and network resources. RST Cloud streamlines the analysis process to eliminate False Positives in TIP, SIEM, SOAR, and XDR!

DATA ENRICHMENT SOLUTIONS

RST WHOIS API

Our API service provides parsed and normalised domain registration data in a ready-to-use format. Add WHOIS information to your data with no risk of being banned.

Get global threat intelligence context from RST Cloud

Our mission is to democratise and revolutionise the field of Cyber Threat Intelligence and make it accessible, affordable, and effective for a wider range of companies across the globe, ultimately contributing to a safer and more secure digital landscape for all

RST Threat Intelligence Engine

RST Cloud Engine

Enrichment

Many indicators come with little or no context, which can make it challenging for cybersecurity professionals to determine the appropriate course of action. This can lead to extra work as they try to assess the threat level of indicators and decide whether to action them or further investigate potential threats.

After aggregating indicators of compromise (IoCs) such as IP addresses, domain names, and file hashes from multiple sources, we add valuable context to help cybersecurity professionals more effectively assess the threat level of indicators. Our enrichment process adds the following context to indicators:

  • Threat category (e.g. phishing, malware, ransomware)
  • Malware family (e.g. Emotet, Trickbot, Ryuk)
  • Common Vulnerabilities and Exposures (CVE)
  • Threat actors (e.g. APT groups, cybercrime organizations)

We use a combination of external sources and our own proprietary methods to consistently and reliably add this context to indicators. This helps cybersecurity professionals more effectively assess the threat level of indicators and decide on appropriate courses of action quicker.

After IoCs are being aggregated from multiple sources we contextualise them by adding:

threat feed enrichment data
threat intel scoring

Scoring

Cybersecurity professionals often face a deluge of alerts on a daily basis, as hundreds of threats target organizations that rely on the internet for their daily operations. To help prioritize these alerts and focus on the most critical ones first, we use algorithms to rank every indicator with an appropriate score.

Our scoring process helps you identify the indicators that are most likely to pose a threat and should be investigated first. By sorting alerts by score, you can quickly focus on the most relevant and actionable pieces of information, helping you to streamline your workflow and more effectively protect your organization against cyber threats.

Verification

Indicators of compromise (IoCs) can be temporary or submitted incorrectly, leading to a high number of false positive detections. These false positives, as well as false negatives, can be frustrating and time-consuming for cybersecurity professionals who are trying to protect their organizations against cyber threats.

To help reduce the occurrence of false positives and false negatives, our verification engine filters out noise data that is not relevant to threat analysis. This helps to shorten investigation time and increase the efficiency of threat analysis by focusing on the most reliable and actionable indicators. By verifying the validity of IoCs, our verification process helps cybersecurity professionals more accurately assess the threat level of indicators and make more informed decisions about how to respond to potential threats.

We cross-verify indicators and perform additional sanitising checks:

Exception lists according to RFC
Publicly available cloud services (AWS, GCP, Azure and many others)
Other trusted whitelists used by the cybersecurity community
Context and reputation checks

Threat Intel Feed

RST Threat Feed is a subscription-based service that delivers indicators of compromise collected, aggregated, filtered, and scored from hundreds of threat intelligence sources. Our solution enriches indicators with comprehensive context to accelerate incident prevention and response and enables automation solutions with actionable data.


{
  {
  "ip": {
    "v4": "14.33.133.188",    - type | value
    "num": "237077948"      - value as Integer (comparison can be faster)
  },
  "fseen": 1569715200,     - first seen timestamp
  "lseen": 1569801600,     - last seen timestamp
  "collect": 1571184000,   - indicator collection timestamp
  "tags": {                                 - tags in order to categorize indicators
    "str": [
      "shellprobe",
      "generic",
      "botnet"
    ],
    "codes": [0,11,4]             - IDs of the tags
                                                    (to be used to minimize memory usage in SIEM)
  },
  "asn": {
    "num": 4766,                     - An autonomous system number related 

WHOIS API

Our WHOIS API provides registration details of a domain name. All of the WHOIS information is parsed and normalised consistently to a JSON format so it can efficiently fit in with your integrations.


{
  "status": "registered",
  "registered?": "true",
  "created_on": "2022-01-01 00:00:00",
  "updated_on": "2022-01-01 00:00:00",
  "expires_on": "2023-01-01 00:00:00",
  "age": 365,
  "registrar": "Registrar Name",
  "registrant": "Registrant Name",
  "nameservers": "ns1.domain.com,ns2.domain.com"
}        
  

Get Free Trial

Choose a product and get your trial account by email. By signing up for a free trial, you grant RST Cloud permission to contact you via the provided email address for purposes related to your trial, account management, and relevant product information.

Integrations

RST Cloud products has out-of-the-box integration with many SIEM, SOAR, TIP solutions. Additionally, you can immediately integrate RST Threat Feed with NGFW solutions to provide your network perimeter with accurate information on current cyberthreats.

FortiGate

Fortigate firewalls can directly be integrated with RST Threat Feed via API. It gives options to block or alert on access to malicious websites or IP addresses. The integration is seamless and requires no extra software to be used to configure the firewalls.

Palo Alto NGFW

Palo Alto NGFW can directly be integrated with RST Threat Feed via API. It gives options to block or alert on access to malicious websites or IP addresses. The integration is seamless and requires no extra software to be used to configure the firewalls.

IBM Qradar SIEM solution

RST Thread Feed integrated with IBM Qradar SIEM via RST Downloder agent. This agent automatically downloads all the required data and pushes it to the SIEM via API. There are options to filter indicators through its score and types, malware, tags etc

Palo Alto Cortex XSOAR

Palo Alto Cortex XSOAR can directly be integrated with RST Threat Feed via API. It gives an ability to query RST Cloud API directly from any playbook or using the war room commands.

Splunk Enterprise

RST Thread Feed integrated with Splunk. The app is published on the official Splunk marketplace and allows to automate downloading and maintenance of the feeds into Splunk.

Microsoft Sentinel

RST Thread Feed is integrated with Microsoft Sentinel SIEM via a standard STIX/TAXII integration. There are options to filter indicators through its score and types, malware, tags etc

Elastic SIEM

RST Thread Feed is integrated with Elastic SIEM solution via a custom elastic filebeat/agent configuration. There are options to filter indicators through its score and types, malware, tags etc

MISP

RST Thread Feed is integrated with MISP via a python script. There are options to filter indicators through its score and types, malware, tags etc

ArcSight ESM/Logger SIEM solution

RST Thread Feed is integrated with Arcsight ESM/Logger solutions via RST Downloder agent. There are options to filter indicators through its score and types, malware, tags etc

OpenCTI

RST Thread Feed is natively integrated with OpenCTI via API.

Cisco Firepower

Cisco Firepower can directly be integrated with RST Threat Feed via API. It gives options to block or alert on access to malicious websites or IP addresses. The integration is seamless and requires no extra software to be used to configure the firewalls.

LogRhythm Cloud SIEM

RST Thread Feed is integrated with LogRhythm via RST a standard STIX/TAXII integration. There are options to filter indicators through its score and types, malware, tags etc