Resolve security incidents faster with contextualized threat intelligence
Envoy is a cyber threat feed aggregator and analysis engine.
Envoy adds context to the collected threat data and uses automation to integrate with your existing security tools.
It runs on-premise using Docker or in the cloud as a SaaS application.
Threat Intelligence in a container
Envoy is an on-premise threat intelligence aggregator and analysis engine, with the goal of providing accurate and contextualized threat intelligence data.
The software is delivered as 1 Docker container, to allow for scale and resiliency.
With just 2 simple commands you can host Envoy in your organization's network.
There is no phone home - your data stays with you.
There is no special hardware needed or complex setup procedure.
Input and output format flexibility
At the heart of the software is its multiple-input, multiple-output format support.
The flexibility to take data from CSV, JSON, CEF, STIX, TAXII, MISP and other formats allows data to be easily ingested. Custom, in-house format parsing is also supported.
The output of the system can be viewed in a web page, or exported (on demand or as a stream) in a multitude of formats, like Snort rules, Palo Alto rules, Bind, CybOX, CEF, JSON, STIX, or others.
Easily integrate with security tools
Envoy focuses on integrating the data mining information and delivering it in the format that you need.
It can integrate with systems like SIEMs (ArcSight, Splunk, QRadar etc.), internal enterprise software, mobile applications, or can work with scripts that query the API.
Envoy is able to work in tandem with the MISP platform, via a pull or push method.
Reduce noise with machine learning
After fetching the data, every event in the system is evaluated by our machine learning models, to detect new patterns and adapt accordingly. This is the basis for the scoring system.
The score can be used to integrate with existing systems and to alert on possible breaches. How strictly the engine performs is up to you.
Use the connector binary to push data into the system.
Run with pre-existing providers or specify the data format for your in-house threat feeds.
Developer friendly with full access to API
Access all the features from scripts and other applications by accessing the API server.
Actions include adding new events, querying the data, sharing, performing updates as a result of investigations, and many more.
Request more information about Envoy
To find out more, send us an email at hello @ envoyproject.com or use the contact page. An Envoy engineer will contact you shortly.