Projects
Tue, Apr 2, 2019Envoy
Envoy is an on-premise threat intelligence platform focused on flexibility, vendor-independant feeds and easy integration.
Goals
Performance and simplicity
Envoy is designed to be scalable and performant, in order to provide the threat information consistently, and without delay.
On premise threat intelligence platform
Envoy installs in your infrastrucure, without communicating to any cloud service. Any data processing is done locally.
Vendor independant input and output
Envoy integrates out of the box with leading SIEM providers, like ArcSight, Splunk, IBM QRadar, McAfee Enterprise Security Manager. Data can also be exported in JSON, STIX or other security formats.
Data mining
Envoy uses enrichment and data mining technologies to better understand the threat landscape, and adapt the severity of the alerts based on this ever-changing context.