NovaSense SIEM Integration

NovaSense is frequently used in SIEM platforms to help identify threats. Rich information including scores, threat type, locations, and more can help SecOps teams stay ahead.

Paid Service

In order to download threats feeds for integration with SIEM platforms you need a subscription. This will allow you to export IP lists or CSV lists for SIEM platforms to give intelligent scoring (like RSA Netwitness and others).

To integrate with as many platforms as possible you may request the IPs as raw IP addresses or as md5sum'd addresses.

Available Fields

Field Example Description
IP An IP address associated with threats
Country United Kingdom The country the source IP is located in
City London The city the source IP is located in
Country ISO UK The ISO code the source IP is located in
Longitude 34.4231 The source IPs longitude
Latitude 34.4231 The source IPs latitude
ISP China Telecom The source IPs internet service provider
Hosted By The source IPs cloud or hosting platform
Organization Test Company The source IPs organization
Category malware The category of this identified threat
Probe HTTP Apache/2.4.29 (Ubuntu) The HTTP server running on the source IP (if available)
Probe Powered By PHP/5.2.4 Any additional scripting language running on the webserver (if available)
Probe SSH SSH-2.0-ROSSSH The SSH daemon running on the source IP (if available)