SurfWatch
Analytics API
Understand Your Cyber Risks In Complete Context

POWER YOUR CYBER DEFENSE WITH PRACTICAL, EVALUATED CYBER THREAT INTELLIGENCE

The SurfWatch Analytics API provides strategic and operational cyber threat intelligence that feeds directly into your existing environment. SurfWatch continuously collects, standardizes and analyzes cyber-related information from social media, news and blogs, threat, phishing and vulnerability feeds, Dark Web markets and forums, paste sites, security vendors, and end users, to deliver highly relevant, timely and evaluated threat intelligence that seamlessly integrates with your environment.

Advanced Cyber Business Intelligence Analysis Starts with the CyberFact™

Through the proprietary SurfWatch CyberFact Data Model, raw cyber event information is automatically transformed into CyberFacts, which tell you who's behind the attack, what they're targeting, what the impact is and how the attack is being executed. Associated with every CyberFact are Industry Target Tags, which describe the business or organization most impacted by the event.

CyberFact Data Model

Actor

Who conducted/will conduct the attack?

  • State-sponsored
  • Organized Crime
  • Hacktivist

Target

What was specifically targeted in the attack?

  • POS Systems/Software
  • Cloud Services/Applications
  • Wireless Networks

Effect

What occurred as a result of the attack?

  • Data Stolen/Leaked
  • Vandalism
  • Device Hijack

Practice

What method was used to carry out the attack?

  • Social Engineering
  • Espionage
  • Network Intrusion

Get Answers To Your Cybersecurity Questions with CyberInsights

CyberInsights are CyberFacts analyzed by a combination of proprietary risk analytics and expert human intelligence. Now you can answer cybersecurity questions such as "What risks should my business worry about most?"

SEAMLESSLY INTEGRATE CYBER RISK ANALYTICS WITH YOUR SIEM

The SurfWatch Analytics API delivers threat intelligence in JSON format over REST, either pushed to your designated endpoint in real time or made available to query. The intel can be easily integrated with your Splunk implementation, as well as with other cybersecurity tools, to compare relevant, external-facing threats to what you're seeing inside your network. With the API you get:

  • 100 queries per minute
  • JSON data format
  • Compressed data transport
  • Instant delivery of all CyberFacts and CyberInsights to your servers
  • Real-time data delivered over HTTP POST
  • Queried data accessed by HTTP GET
  • Threat intel feed available in STIX/TAXII formats

SurfWatch Analytics API seamlessly integrates with Splunk or other SIEMs or security tools.