1. Setup
Connect Intezer to your EDR, SOAR, and other alert sources using an API key or a SOAR plugin (no installation required).
2. Collection & Analysis
When your connected tools trigger a new alert, Intezer collects relevant information and scans artifacts such as files, URLs, IPs, and memory images.
Intezer analyzes all this collected data using multiple engines, including sandboxing, disassembly, code analysis, network analysis, and memory analysis. The analysis output is correlated against a genetic database containing threats, benign software, and organization alert history to identify code similarities, behavior similarities, and TTPs.
3. Triage
Intezer makes decisions based on the analysis output, reducing false positives while classifying and prioritizing actual incidents. It seamlessly integrates with your existing workflows by pushing triage insights directly to your EDR, SOAR, SIEM, and case-management systems.
4. Response
Get recommended actions, IOCs, and detection content to remediate and recover quickly. Use exclusion instructions to tune your detection tools. Your teams have full visibility into Intezer’s analysis for any alert, so they can review or investigate further if needed.
Auto Alert Remediation can be configured to remediate alerts automatically and reduce the workload on the team.
5. Threat Hunting
Generate detection rules for threats of interest and for emerging threats from Intezer’s threat intelligence, then use them to proactively hunt for those threats in your environment.