September 30, 2023


World's finest Law

Track emerging threats with Leo, Feedly’s AI Engine – Feedly Blog


The core of Feedly for Threat Intelligence is an AI engine, called Leo, that automatically gathers, analyzes, and prioritizes intelligence from thousands and thousands of sources in real time.

In this post, we’ll show you how to use Leo to:

  • Track critical vulnerabilities and zero-days
  • Study the behavior of specific threat actors and malware families
  • Understand the threat landscape around your industry
  • Track niche cybersecurity topics

Before we look at those 4 use cases, let’s start with a brief overview of how Leo works.

Meet Leo, Feedly’s AI Engine

Leo reads tens of millions of articles, reports, and social media posts every day and automatically tags key threat intelligence concepts: critical vulnerabilities, malware families, threat actors, indicators of compromise, ATT&CK techniques, companies, vendors, industries, etc.

Feedly’s AI Engine (Leo) automatically tags key threat intelligence concepts

All this information is at your fingertips in near real-time through a powerful and intuitive search and tracking interface called Leo Web Alerts.

Curious how it works? Let’s take a look at a Leo Web Alert designed to track critical vulnerabilities and zero-days related to Cisco Systems:

Leo Web Alerts: A powerful and intuitive search and tracking interface

Creating a Leo Web Alert is a 3-step process:

  1. Use Leo Concepts to define the intelligence you want to collect. In our example, we use the ‘High Vulnerability’ and ‘Cisco Systems’ Leo Concepts to find new critical vulnerabilities related to Cisco Systems.
  2. Use AND, OR, NOT operators to combine multiple Leo Concepts and refine your focus. In our example, we use AND to track articles and reports that reference both ‘High Vulnerability’ and ‘Cisco Systems’.
  3. If necessary, refine sources with your own trusted sources. By default, Leo Web Alerts will search across the Cybersecurity Bundle (a collection of 50,000+ security news sources, threat research blogs, newsletters, vendor advisories, government agencies, vulnerability databases, CISO magazines, and Reddit communities curated collectively by 200,000 cyber professionals using Feedly and partitioned by Leo into a few tiers based on popularity and authority).

Leo Web Alerts are feeds you can add to a team or personal folder. New articles, reports, or social media posts matching the specified Leo Concepts will appear in the Leo Web Alert feed.

Leo Concepts are easier to use, more comprehensive, and less noisy than traditional keyword searches

The power of Leo Web Alerts is that ‘High Vulnerability’ and ‘Cisco Systems’ are not simple keyword matches. These Leo Concepts are machine learning models that encapsulate a broader understanding of each concept:

  • ‘High Vulnerability’ is a Leo Concept that tracks vulnerabilities with a CVSS score higher than 8, or a CVSS score over 5 with a known exploit. If the vulnerability does not have a CVSS score yet, a machine learning model is used to predict the CVSS score based on the description of the vulnerability.
  • ‘Cisco Systems’ is a ‘Company’ Leo Concept that tracks mentions of Cisco by its name or any known aliases. When the company name is ambiguous, a disambiguation model is used to eliminate false positives.
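
The three-step alert and the two concept definitions above can be approximated in a few lines for triaging your own feed items. This is an added sketch, not Feedly's code or API: the `Item` fields, the `predicted_cvss` stand-in for the model's prediction, and the whole-word alias match used in place of the disambiguation model are all assumptions, and the sample items are constructed.

```python
import re
from dataclasses import dataclass
from typing import Callable, Iterable, List, Optional, Set

@dataclass
class Item:
    title: str
    source: str
    cvss: Optional[float] = None            # published CVSS score, if any
    predicted_cvss: Optional[float] = None  # assumed stand-in for a predicted score
    exploit_known: bool = False

Concept = Callable[[Item], bool]

def high_vulnerability(item: Item) -> bool:
    # Rule from the text: CVSS above 8, or above 5 with a known exploit;
    # fall back to the predicted score when none is published yet.
    score = item.cvss if item.cvss is not None else item.predicted_cvss
    if score is None:
        return False
    return score > 8 or (score > 5 and item.exploit_known)

def company(*aliases: str) -> Concept:
    # Whole-word alias match: a crude substitute for entity disambiguation.
    pattern = re.compile(r"\b(?:" + "|".join(map(re.escape, aliases)) + r")\b", re.I)
    return lambda item: bool(pattern.search(item.title))

# Step 2: boolean operators that combine concepts into one query.
def AND(*cs: Concept) -> Concept: return lambda i: all(c(i) for c in cs)
def OR(*cs: Concept) -> Concept: return lambda i: any(c(i) for c in cs)
def NOT(c: Concept) -> Concept: return lambda i: not c(i)

def run_alert(query: Concept, items: Iterable[Item],
              sources: Optional[Set[str]] = None) -> List[str]:
    # Step 3: an optional allow-list of trusted sources narrows the search.
    return [i.title for i in items
            if (sources is None or i.source in sources) and query(i)]

# Constructed sample items, not real advisories.
ITEMS = [
    Item("Cisco IOS XE flaw rated critical", "vendor-advisory", cvss=9.8),
    Item("Cisco ASA bug exploited in the wild", "news", cvss=6.5, exploit_known=True),
    Item("Cisco router issue, no exploit yet", "news", cvss=6.5),
    Item("San Francisco startup patches flaw", "news", cvss=9.1),
    Item("New Cisco Systems bug awaiting score", "blog", predicted_cvss=8.4),
    Item("Cisco switch flaw scored at threshold", "blog", cvss=8.0),
]

ALERT = AND(high_vulnerability, company("Cisco", "Cisco Systems"))
```

Note the two boundary cases in the sample data: a score of exactly 8.0 without an exploit does not qualify, and "San Francisco" does not trigger the company match that a naive substring search would.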

Without Leo Concepts, collecting intelligence would require the tedious work of trying to come up with a long list of the right keywords, leaving room for blind spots and plenty of irrelevant results.

Feedly for Threat Intelligence comes with a broad range of pre-trained Leo Concepts so that you can easily translate your intelligence needs into Leo Web Alerts.

Feedly includes models for key threat intelligence concepts.

Let’s see how we can combine these Leo Concepts to proactively track specific threats and stay one step ahead of your adversaries.

Study the behavior of specific threat actors and malware families

Tracking the behavior of threat actors and malware families can be tedious and overwhelming, taking up valuable time that could be spent hunting for malicious activity in your environment.

That’s why Feedly has created a set of Leo Concepts that automatically tag threat actors, malware families, TTPs, and IoCs.

Let’s take a look at a Leo Web Alert designed to track the latest IoCs and TTPs related to Lazarus Group across threat intelligence reports published on the web:

Gather IoCs and TTPs related to Lazarus Group from intelligence reports
  • ‘Lazarus Group’ is a ‘Threat Actor’ Leo Concept powered by Malpedia that tracks mentions of the threat actor by name or its various aliases.
  • ‘Indicators of Compromise’ is a Leo Concept that tracks malicious URLs, IPs, email addresses, domains, and hashes.
  • ‘Tactics & Techniques’ is a Leo Concept powered by the MITRE ATT&CK v10 framework that tracks tactics, techniques, and sub-techniques and their relationships.
  • ‘Threat Intelligence Report’ is a Leo Concept that flags intel reports containing in-depth technical information about IoCs, TTPs, threat actors, and malware.

Here are some additional Leo Concepts you can use to broaden or narrow your threat profiling:

Understand the threat landscape around your industry

Keeping up to date with the latest attacks against your industry can help you be better prepared when putting defenses in place, and help you learn which threat actors to look out for so you can be more targeted when collecting intelligence.

Let’s take a look at a Leo Web Alert designed to gather intelligence about cyber attacks in the finance industry:

Track cyber attacks around the finance industry
  • ‘Cyber Attacks’ is a Leo Concept that tracks instances of cyber attacks and attempts to identify who or what the target of the attack is.
  • ‘Finance Industry’ is an ‘Industry’ Leo Concept that classifies articles related to the finance industry based on company mentions and terminology.

You can also easily narrow your focus to a specific type of attack:

Track credit card data breaches

Track critical vulnerabilities and zero-days

Manually staying ahead of new vulnerabilities and zero-days is an impossible task, but you can set up Leo Web Alerts to help you stay up to date on new vulnerabilities that come across the radar of the global cybersecurity community.

Feedly aggregates vulnerability information from NVD and over 20 vendor advisory sites, and monitors numerous sources to find exploits for each CVE, in near real-time.

Let’s take a look at a Leo Web Alert designed to surface critical vulnerabilities and zero-days related to a vendor deployed in your environment:

Track high vulnerabilities related to Zoom

When you discover a new CVE, you can use the CVE intelligence card to get a 360 degree view of that vulnerability and decide if you should create a ticket for your response team.

A CVE intelligence card – a 360 degree view of CVE-2021-44228

Track niche cybersecurity topics

You can also use Leo Web Alerts to track niche cybersecurity topics.

Let’s take a look at a Leo Web Alert designed to collect intelligence about malicious, compromised, or hijacked packages:

Here are some additional Leo Concepts you can use to track niche cybersecurity topics:

Getting smarter every day

The world’s leading cybersecurity teams use Feedly for their OSINT, so the product continuously improves based on their feedback.

Here is a roadmap of some of the new Leo Concepts we are researching:

2022 Leo Concepts Roadmap – Threat Intelligence

Feedly for Threat Intelligence customers can reach out to us at [email protected] to give feedback on improving existing Leo Concepts or creating new ones to ensure that Feedly is performing at full capacity to serve your Threat Intelligence needs.

Try Feedly for Threat Intelligence

All of these features, plus many more, are available as part of Feedly for Threat Intelligence. To learn more about any of these features, or start a free 30-day trial, click the link below.


