Product: Transform Your Cybersecurity Operations with Our Hybrid AI-CTI Solution
Transform your cybersecurity operations with our solution. Access 100,000+ security articles, automate data extraction, and interact with an AI-powered chatbot for instant analysis and tailored insights. Eliminate human error and stay ahead of threats with real-time, comprehensive intelligence.
The Need
How Much Do You Really Know About Your Surroundings?
In today's world, intelligence is power, but relying on a general intelligence program may leave you in the dark. Why not opt for a UAE-based intelligence program, tailored to your specific needs and powered by cutting-edge AI analytics and a GPT-engineered chatbot?
Why Settle for a US-Based Intelligence Program?
Global intelligence programs like CrowdStrike and Anomali are heavily regulated. They operate within strict boundaries and provide geo-location-tailored feeds that may not always align with your unique requirements. If an intelligence program or company is based in the US, how much leverage do you think they'll give other countries over their intelligence data?
Data Is the New Gold.
Why not work with a support team that tailors intelligence data to your specific use cases, available on-demand?
What Are Other Governments Doing?
Nations like the US, China, Japan, Russia, and even the Gulf regions are gearing up for the new age of intelligence. The UAE has positioned itself at the forefront as well, but there’s more work to be done.
Who Educates Senior Management and Officials?
How much do your senior management and officials really understand about the intelligence they receive? Who breaks it down for them? Who trains them to make informed decisions? Advisory services are essential, but they must be tailored to what is truly happening on the ground.
The Future Is Research-Based, Niche Intelligence Programs.
Government entities must evolve towards intelligence programs that are research-driven and niche-specific, designed to create actionable insights for those who need it most.
The Need (Arabic version, translated)
How much do you really know about your surroundings?
In today's world, intelligence is power, but relying on general intelligence programs may leave you in the dark. Why not choose an intelligence program in the UAE, designed specifically for your needs and powered by advanced AI technologies and a GPT-powered chatbot?
Why rely on an intelligence program based in the United States?
Global intelligence programs such as CrowdStrike and Anomali are subject to strict regulation. They operate within defined boundaries and provide data prepared according to geographic location, which may not always match your particular needs. If an intelligence program or company is based in the United States, to what extent do you think they will give other countries leverage over their intelligence data?
Data is the new gold.
Why not work with a support team that tailors intelligence data to your specific use cases and is available on demand?
What are other governments doing?
Countries such as the United States, China, Japan, Russia, and even the Gulf regions are preparing for the new age of intelligence. The UAE has also placed itself at the forefront, but there is more work to be done.
Who educates senior management and officials?
How much do your senior management and officials really understand about the intelligence they receive? Who simplifies this data for them? Who trains them to make informed decisions? Advisory services are essential, but they must be tailored to what is actually happening on the ground.
The future is specialized, research-based intelligence programs.
Government entities must evolve toward research-driven, specialized intelligence programs designed to deliver actionable insights to those who truly need them.
The Ideology
Security operations can be divided into two essential components: human and machine.
The machine component is centered around automation, traditionally driven by databases and logical rules. In modern security operations, this has evolved to incorporate AI, particularly through large language models (LLMs), which combine logic and data processing into a powerful automated system. Machines are responsible for executing predefined tasks, analyzing data streams, and responding to threats automatically.
The human component involves the expertise, judgment, and decision-making capabilities of people. Security professionals—such as managers, architects, engineers, and analysts—are responsible for configuring and overseeing the machines. Humans are essential for setting security objectives, defining policies, and determining the specific use cases that the tools need to address. This requires continuous learning, staying informed about the latest threats, and understanding how global and industry-specific events impact their organization.
In a Security Operations Center (SOC), machines (tools) and humans (experts) must work together seamlessly. Machines provide the speed and efficiency needed to process vast amounts of data, while humans offer the critical thinking and contextual understanding necessary to interpret and act on that data effectively.
While machines enhance their capabilities by integrating data through APIs, humans must build their knowledge by studying articles, journals, and delving into region-specific, sector-specific, and organization-specific incidents. This knowledge allows them to configure and control the machines effectively, ensuring that the SOC can identify, protect against, detect, and respond to threats in a coordinated manner.
In essence, machines provide the automation, but it is the human element that gives direction, context, and strategic oversight, ensuring that security operations are not just reactive, but proactive and aligned with the organization's goals.
Sample Use-cases
- Recent Attacks: Identify the latest attacks targeting our country in the past week and month.
- Threat Actors & Vulnerabilities:
  - Identify threat actors targeting our country.
  - Highlight the vulnerabilities they exploit and their exploitation rates.
- Tools & Malware: Outline the tools and malware used by these threat actors against our sector.
- Critical Vulnerabilities: Focus on critical vulnerabilities in key sectors like government and health.
- CVE Trends:
  - Provide CVE trends for the past 30 days, 90 days, and 1 year in government, health, and finance sectors.
- Threat Actor Trends: Show global threat actor activity trends relevant to our sector.
- Sector-Specific Trends:
  - Present a 1-year trend of threat actors targeting our sector.
  - Show a 1-year trend of CVE exploits in our sector.
- Incident Activities: List incident activities in our country over the last 30 days, 90 days, and 1 year.
- Asset Mentions:
  - Identify organization assets mentioned in the news.
  - Provide additional correlated information if available.
- Long-Term Trends:
  - Present 5-year trends of actors, vulnerabilities, and tools in our sector.
  - Show a 10-year trend of vulnerabilities used against specific assets, including related countries, malware, services, or tools.
API Documentation Overview
This documentation outlines the usage of the API endpoints provided by our service, detailing the HTTP requests used to interact with the server. Each section includes a description, headers, request body specification, and example commands for both curl and Python requests.
Authentication
Every API request must include authentication headers. Use your API key as follows:
Header:
Authorization: ApiKey {your_api_key}
Replace {your_api_key} with your actual API key to authenticate your requests.
Content-Type
Specify the content type for your requests with:
Content-Type: application/json
Endpoint 1: List All Feeds
Description:
This endpoint retrieves a list of all possible indicators used in articles.
URL: POST https://xxx-488bb751910ac9c6a.researchbus.com/api/all_feed
Headers:
Authorization: ApiKey {api_key}
Content-Type: application/json
Request Body:
{
"limit": 100,
"timer": "2020-01-01T00:00:00"
}
Curl Example:
curl -X POST -k https://xxx-488bb751910ac9c6a.researchbus.com/api/all_feed \
-H "Authorization: ApiKey {api_key}" \
-H "Content-Type: application/json" \
-d '{"limit": 100, "timer": "2020-01-01T00:00:00"}' | jq
Response:
{
"status": "success",
"data": [
// List of indicators
]
}
Endpoint 2: Create Tailored Use Case Intelligence
Description:
Create intelligence feeds tailored for specific organizational needs, such as tracking CVEs in specific sectors with ransomware involvement.
URL: POST https://xxx-488bb751910ac9c6a.researchbus.com/api/rule
Headers:
Authorization: ApiKey {api_key}
Content-Type: application/json
Request Body Examples:
{
"limit": 100,
"timer": "2020-01-01T00:00:00",
"rule": "cve: * AND sector: government AND malware_type: ransomware"
}
{
"limit": 100,
"timer": "2020-01-01T00:00:00",
"rule": "cve: CVE-2021-44228 AND sector: government AND malware_type: ransomware"
}
Curl Examples:
curl -X POST -k https://xxx-488bb751910ac9c6a.researchbus.com/api/rule \
-H "Authorization: ApiKey {api_key}" \
-H "Content-Type: application/json" \
-d '{"limit": 100, "timer": "2020-01-01T00:00:00", "rule": "cve: * AND sector: government AND malware_type: ransomware"}'
Response:
{
"status": "success",
"data": [
// Data based on the specified rule
]
}
Endpoint 3: List Specific Indicators
Description:
Retrieve feeds that contain specific fields or indicators, such as recent CVEs.
URL: POST https://xxx-488bb751910ac9c6a.researchbus.com/api/list
Headers:
Authorization: ApiKey {api_key}
Content-Type: application/json
Request Body:
{
"limit": 100,
"timer": "2020-01-01T00:00:00",
"indicator": "cve"
}
Curl Example:
curl -X POST -k https://xxx-488bb751910ac9c6a.researchbus.com/api/list \
-H "Authorization: ApiKey {api_key}" \
-H "Content-Type: application/json" \
-d '{"limit": 100, "timer": "2020-01-01T00:00:00", "indicator": "cve"}'
Response:
{
"status": "success",
"data": [
// List of CVEs
]
}
Endpoint 4: Query API
Description:
Query specific information based on key-value pairs, such as identifying threats by groups.
URL: POST https://xxx-488bb751910ac9c6a.researchbus.com/api/query
Headers:
Authorization: ApiKey {api_key}
Content-Type: application/json
Request Body:
{
"key": "threat_group",
"value": "APT28",
"limit": 10,
"time_zone": "+01:00",
"timer": "2020-04-13T00:00:00"
}
Curl Example:
curl -X POST -k https://xxx-488bb751910ac9c6a.researchbus.com/api/query \
-H "Content-Type: application/json" \
-H "Authorization: ApiKey {api_key}" \
-d '{
"key": "threat_group",
"value": "APT28",
"limit": 10,
"time_zone": "+01:00",
"timer": "2020-04-13T00:00:00"
}'
Response:
{
"status": "success",
"results": [
// Information on threat group APT28
]
}
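As an added example (not the vendor's own client code), a minimal Python client for the endpoints documented above: it builds the required headers and a /api/rule expression, POSTs the JSON body and checks the status field before returning the result list. The host is the placeholder printed in the URLs; the default urllib transport keeps TLS certificate verification on, unlike the -k flag in the curl examples, and the transport is injectable so the client can be exercised offline with a stub.

```python
import json
import urllib.request
from typing import Callable, Optional

# Placeholder host exactly as printed in the documentation; replace with your tenant's host.
BASE_URL = "https://xxx-488bb751910ac9c6a.researchbus.com"


def auth_headers(api_key: str) -> dict:
    """Headers every endpoint requires: Authorization: ApiKey ... and the JSON content type."""
    return {"Authorization": f"ApiKey {api_key}", "Content-Type": "application/json"}


def build_rule(cve: str = "*", sector: Optional[str] = None,
               malware_type: Optional[str] = None) -> str:
    """Assemble a /api/rule expression in the 'field: value AND ...' form shown on the page."""
    parts = [f"cve: {cve}"]
    if sector:
        parts.append(f"sector: {sector}")
    if malware_type:
        parts.append(f"malware_type: {malware_type}")
    return " AND ".join(parts)


def _urllib_transport(url: str, headers: dict, payload: bytes) -> dict:
    """Default transport: HTTPS POST with certificate verification left on (no -k equivalent)."""
    req = urllib.request.Request(url, data=payload, headers=headers, method="POST")
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.loads(resp.read().decode("utf-8"))


def post_json(path: str, body: dict, api_key: str,
              transport: Callable[[str, dict, bytes], dict] = _urllib_transport) -> list:
    """POST one endpoint and return its result list.

    The page shows 'data' for /api/all_feed, /api/rule and /api/list but 'results'
    for /api/query, so both keys are accepted. Any status other than 'success'
    raises instead of being silently treated as an empty feed."""
    payload = json.dumps(body).encode("utf-8")
    reply = transport(BASE_URL + path, auth_headers(api_key), payload)
    if reply.get("status") != "success":
        raise RuntimeError(f"{path} returned status {reply.get('status')!r}")
    return reply.get("data", reply.get("results", []))


def ransomware_cves_for_sector(api_key: str, sector: str, since: str, limit: int = 100,
                               transport: Callable = _urllib_transport) -> list:
    """Worked use case from Endpoint 2: CVEs tied to ransomware in one sector since a timestamp."""
    body = {"limit": limit, "timer": since,
            "rule": build_rule(cve="*", sector=sector, malware_type="ransomware")}
    return post_json("/api/rule", body, api_key, transport)
```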
Key Benefits:
- Real-Time Data Processing: Our solution scans and processes vast amounts of information in just seconds, significantly reducing the time and effort required by your team.
- Error-Free Automation: By automating the data extraction process, our solution eliminates the risk of human error, ensuring that your threat detection and analysis are accurate and reliable.
- AI-Powered Chatbot: This innovative feature allows your team to interact directly with the data through a conversational interface. The AI chatbot analyzes articles, events, and dashboards, providing clear, contextual insights and generating reports that simplify even the most complex data.
- Tailored Dashboards: Our solution’s dashboards are customizable, displaying enriched indicators, recommended best practices, and remediation measures specific to your organization’s needs. If interpreting dashboards becomes challenging, the AI reporter is there to help, translating complex data into understandable insights.
- Proactive Threat Advisory: Stay ahead of emerging threats with real-time indicators, vulnerability information, and tailored threat advisory specific to your sector.
- Comprehensive API Access: Unlock the full potential of your cybersecurity operations with our robust API, designed for seamless integration into your existing systems. This API provides flexible, programmatic access to all features, allowing you to automate and scale your threat intelligence processes efficiently.
- Enhanced Incident Response with FORTI SOAR Connector (beta): Leverage the power of the FORTI SOAR connector to gain deeper insights into your incident response process, enabling more effective automation and streamlined handling of security events.
- Zero Trust Detection Patterns (beta): Our solution computes possible Zero Trust detection patterns, helping to identify and respond to insider threats and unauthorized access attempts with precision, reinforcing your security posture.
Why Choose Our Solution?
- Real-Time Access: Instant access to a wealth of information, processed and analyzed for you by AI.
- Elimination of Human Error: Achieve precision in your cybersecurity operations.
- Comprehensive Threat Intelligence: Gain deep insights into threats with detailed analysis from the AI chatbot.
- User-Friendly Interface: Interact with your data through a conversational AI, making complex data easy to understand.
Empower your cybersecurity operations with our solution and its AI-powered features. Contact us today to learn how our solution can transform the way you protect your organization.