Anomalies, tags, and integrations

This week's release brings a set of new features to both our enterprise and SaaS clients.

Anomaly detection

At BinaryEdge we collect a lot of data from a network of sensors spread worldwide, and we provide this stream of data in realtime to enterprise clients. It is a lot of traffic from all over the world, and it can sometimes be a bit overwhelming to tell whether "something weird" is happening versus what the baseline for this data looks like.

[asciicast recording]

For that reason we decided to start providing everyone with an anomaly system that works in realtime.

We are starting with a restricted set of anomalies, namely:

1 - Country - Port combination - this type of anomaly tells you when a certain port is being scanned more than usual in a specific country.
2 - World - Port combination - when a spike in scans of a specific port is seen worldwide.

Over the next week we will be rolling out:

3 - IP Address - when there is a spike in events coming from a specific IP address.
4 - Payload - when we see a certain payload being used for the first time - this is useful to quickly identify new exploits being used.
5 - HTTP Paths - when alternative HTTP paths are being requested.

Events come in two severity classes, high and ultra, which classify how severe the anomaly is.
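The baseline-versus-spike idea behind the Country-Port and World-Port anomalies, as an added illustration that is not BinaryEdge's code: it counts sensor events per (country, port) and per port worldwide over several baseline windows, then flags keys whose count in the current window sits far above the baseline mean. The z-score thresholds for "high" and "ultra", the window layout and the sample events are all assumptions constructed for the example.

```python
from collections import Counter
from statistics import mean, pstdev

# Assumed severity thresholds (not BinaryEdge's): z >= 3 is "high", z >= 6 is "ultra".
HIGH_Z = 3.0
ULTRA_Z = 6.0


def window_counts(events):
    """Count events per (country, port) and per ("*", port) for the worldwide view."""
    counts = Counter()
    for country, port in events:
        counts[(country, port)] += 1
        counts[("*", port)] += 1
    return counts


def detect_anomalies(baseline_windows, current_window):
    """Compare the current window with the per-key mean/stdev of the baseline windows.
    Returns {key: (severity, z)} for every key whose z-score reaches HIGH_Z."""
    base = [window_counts(w) for w in baseline_windows]
    cur = window_counts(current_window)
    keys = set(cur).union(*base)
    findings = {}
    for key in keys:
        history = [b.get(key, 0) for b in base]  # missing key in a window counts as 0
        sigma = max(pstdev(history), 1.0)        # floor so a flat baseline cannot blow up z
        z = (cur.get(key, 0) - mean(history)) / sigma
        if z >= ULTRA_Z:
            findings[key] = ("ultra", z)
        elif z >= HIGH_Z:
            findings[key] = ("high", z)
    return findings


def mk(*triples):
    """Build a constructed event list from (country, port, count) triples."""
    return [(c, p) for c, p, n in triples for _ in range(n)]


# Constructed sample data: five baseline windows with mild noise on port 22, then a current
# window with a small bump on 445 in the US and large spikes on 23 (BR) and 5555 (CN).
BASELINE = [
    mk(("US", 22, n), ("DE", 22, 10), ("US", 445, 5), ("DE", 445, 5), ("BR", 23, 2))
    for n in (10, 12, 8, 11, 9)
]
CURRENT = mk(("US", 22, 12), ("DE", 22, 10), ("US", 445, 9), ("DE", 445, 5),
             ("BR", 23, 20), ("CN", 5555, 40))

if __name__ == "__main__":
    for key, (sev, z) in sorted(detect_anomalies(BASELINE, CURRENT).items()):
        print(f"{sev:5} z={z:5.1f} country={key[0]} port={key[1]}")
```

Port 22 in the US rises to 12 but stays within its noisy baseline and is not reported, while the flat baselines on 445, 23 and 5555 produce "high" and "ultra" findings at both country and worldwide level.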

What is this useful for?

  • You get early warning of people scanning for new or different things

  • Curated notifications of new payloads detected will give you the ability to notice when something new is being exploited

  • A fast way of seeing what is being scanned the most worldwide, or what is targeting a specific country, without needing to write complicated queries

So how can you see these anomalies?

If you are a SaaS user, you can now access a channel called #sensor-events on our Slack, where all of our "ultra" events are posted.

If you are an enterprise client, you will soon see these events show up in your sinkhole realtime stream along with the rest of the sensor events; filter by sinkhole_alert to see just these!

As an enterprise client you get much more granular access: you will be able to see high events, while SaaS users will only see the ultras.

To celebrate the release of this feature we are releasing a promo code for https://app.binaryedge.io - use promo code ANOMALY for a 25% discount for 6 months! The code is valid until the end of April 2019!

Sensor Tags

We have added new tags to our sensors thanks to our amazing community! We now have a total of 148 tags, all complete with descriptions, with new ones being added weekly!

Want to contribute? Join our Slack; our reward system is in place to provide you with extra credits!

Integrations

Last week two amazing tools integrated the BinaryEdge SaaS API! We are very happy to have joined the ecosystem of these tools!

1 - Intrigue.io - Developed by @jcran

2 - Spiderfoot - Developed by @binarypool