iSIGHT API & SDK
Integrated Actionable Intelligence
FireEye iSIGHT API & SDK enables you to integrate the world's best cyber threat intelligence into your existing security and risk management processes and technologies.
The result? Better security and massive efficiency gains.
iSIGHT API & SDK links your security and risk management technologies to iSIGHT Cloud, which houses nearly a decade of the most comprehensive, globally-mined cyber threat intelligence available. Plus, iSIGHT API & SDK makes it simple to integrate intelligence into your protection, detection, investigation, and response processes.
Work smarter, not harder with FireEye iSIGHT Intelligence inside your key security systems.
iSIGHT Inside – Adding Intelligence To Your Security Tools
A large and growing list of security vendors has already developed out-of-the-box integrations using iSIGHT API & SDK. Whether you want to enrich existing tools and processes, implement new intelligence-driven solutions or integrate intelligence into your homegrown system, we’ve got you covered.
The iSIGHT API leverages REST, and the SDK supports C, C++, C#, Perl and Python and runs on commonly used versions of Windows and RHEL.
Access to the Most Context Rich Intelligence Available
iSIGHT API & SDK provides machine-to-machine integration with the most contextually-rich threat intelligence data available in the market today. The API and SDK provide automated access to much more than indicators of compromise (IOCs) – the IP addresses and domain names bad guys are using to launch attacks or control compromised systems, or the file hashes that can identify malware. With iSIGHT API & SDK, you have instant access to IOCs connected to rich context so you can understand the who, what, why and even how behind security events.
What Can iSIGHT API and SDK Do For You?
The average organization generates thousands of security events every day but only has the human resources to investigate a few. How do you know which events to focus on? With iSIGHT API & SDK, you can match IOCs with events in your SIEM or security analytics platforms, cut through the noise and automate the prioritization of the events that warrant scrutiny. You can also drastically accelerate triage with context that helps you understand what you are facing. Are you dealing with cyber crime or espionage? Is this threat targeting our industry or is this likely “overspray” from a campaign targeting others?
Incident response teams are often flying blind, especially at the beginning of an incident. Who is behind this attack? What are they after? Why did they target us? Are they likely using other tactics, beyond the one that tripped the alarm? With iSIGHT API & SDK, you have direct access to rich intelligence within the IR, analytics and forensics systems you use daily. You can gain deep situational awareness with a few mouse clicks and pivot from indicators to a detailed understanding of the adversary, their historic and active campaigns, methods, infrastructures and favorite malware. You can also pivot from the indicator that tripped the alarm to related IOCs used by the adversary, understand other possible attack vectors and use your IR tools to hunt for and more completely eradicate the threat.
Vulnerability & Patch Management
Not all vulnerabilities are created equal. Some vulnerabilities are more critical than others. But how can you decide which systems to patch right now versus those that can be patched during your normal weekly, monthly or quarterly cycles? With iSIGHT API & SDK, you have access to FireEye iSIGHT Vulnerability and Exploitation data, which provides rapid access to the latest vulnerabilities – often before they appear in the National Vulnerability Database or have an assigned CVE number. You also have programmatic access to rich contextual information about the vulnerability, such as known exploits in the wild or whether threat actors are actively developing exploits, and data like CVSS scores that enable you to automate accurate prioritization decisions.
Managing firewalls and gateway devices is a daunting, time-consuming task. What’s worse, blocking the wrong thing and causing a critical system outage can be a career-limiting move. With iSIGHT API & SDK, you have access to highly-validated IOCs so you can block attacks with confidence. But let’s face it, most organizations put devices in alert rather than default block mode until they're confident the intelligence data doesn't block the wrong thing or cause false positives. An alert without context isn't protecting your systems from real threats. With iSIGHT API & SDK, rich threat intelligence is integrated directly into your security devices. You’ll receive alerts along with the context you need to make informed decisions on whether to automatically block.
Technology Integration Partners