FireEye has announced ThreatPursuit Virtual Machine (VM), an open-sourced Windows-based distribution focused on threat hunting and intelligence.
ThreatPursuit VM uses Boxstarter, Chocolatey and MyGet packages to install software that supports threat hunters and intelligence analysts, FireEye noted. It provides access to various threat hunting and intelligence tools, including:
- Analytics
- Statistics
- Visualizations
- Malware triage
- Threat modeling
Threat hunters and intelligence analysts can use ThreatPursuit VM to assess security data and identify, study and triage previously undiscovered or emerging threats, according to FireEye. That way, they can gain security insights and find ways to optimize their threat detection mechanisms and response.
What Does ThreatPursuit VM Offer?
ThreatPursuit VM empowers threat hunters and intelligence analysts to:
- Perform hunting activities or missions
- Create adversarial playbooks
- Evaluate forensic artifacts and elements
- Emulate offensive security techniques
- Gain situational awareness via intelligence sharing and reporting
- Applied data science techniques and visualize security data
- Leverage open intelligence sources to retrieve security insights
ThreatPursuit VM is now available, and FireEye recommends it be installed in a VM.
FireEye Launches SaaS Threat Intelligence Platform
Along with introducing ThreatPursuit VM, FireEye last month released Mandiant Advantage: Threat Intelligence, a SaaS platform that provides security data and insights into cyber threats from around the world.
Mandiant Advantage empowers security teams with breach data as threats emerge, according to FireEye. As such, it enables these teams to augment and automate their security activities.
In addition, Mandiant Advantage allows security teams to prioritize vulnerabilities and monitor the dark web, FireEye indicated. It also helps these teams generate insights that they can use to make informed security investments.