NovaSense SIEM Integration
NovaSense is frequently used in SIEM platforms to help identify threats. Rich information including scores, threat type, locations, and more can help SecOps teams stay ahead.
Paid Service
In order to download threats feeds for integration with SIEM platforms you need a subscription. This will allow you to export IP lists or CSV lists for SIEM platforms to give intelligent scoring (like RSA Netwitness and others).
To integrate with as many platforms as possible you may request the IPs as raw IP addresses or as md5sum'd addresses.
To integrate with as many platforms as possible you may request the IPs as raw IP addresses or as md5sum'd addresses.
Available Fields
| Field | Example | Description |
|---|---|---|
| IP | 10.11.12.13 | An IP address associated with threats |
| Country | United Kingdom | The country the source IP is located in |
| City | London | The city the source IP is located in |
| Country ISO | UK | The ISO code the source IP is located in |
| Longitude | 34.4231 | The source IPs longitude |
| Latitude | 34.4231 | The source IPs latitude |
| ISP | China Telecom | The source IPs internet service provider |
| Hosted By | Amazon.com | The source IPs cloud or hosting platform |
| Organization | Test Company | The source IPs organization |
| Category | malware | The category of this identified threat |
| Probe HTTP | Apache/2.4.29 (Ubuntu) | The HTTP server running on the source IP (if available) |
| Probe Powered By | PHP/5.2.4 | Any additional scripting language running on the webserver (if available) |
| Probe SSH | SSH-2.0-ROSSSH | The SSH daemon running on the source IP (if available) |