Introduction to Envoy

Welcome to the intro guide to Envoy! This guide is the best place to start with Envoy. We cover what Envoy is, what problems it can solve, and what its main features are.

If you are already familiar with Envoy, the documentation is a better reference for its internals and the complete list of available features.

What is Envoy?

Envoy is an on-premise threat intelligence aggregator and analysis engine that uses machine learning and a pipeline architecture to provide accurate threat intelligence data.

Threat data is usually available, but often in a different format, or with different semantics, than the ones supported by internal applications. In other cases a system already holds threat data, and all that is needed is to extract it from that system.
Envoy offers a unified way to pull information from various sources, in various formats, into a single repository.
From this repository, data can be exported in multiple formats or processed via the web GUI.
A machine learning engine is also used to augment the data with information and provide a more accurate view of the data.
An API is also available to provide easy integration with other systems or scripts.

Key features

The elements that set Envoy apart from other threat intelligence services are:

  • On-premise - access to threat intelligence data should not be limited to security experts, highly skilled developers, or professional services.

  • Multi-input and multi-output - the data is accessed via a web interface or programmatically, so that other systems can integrate with it. We offer a series of out-of-the-box solutions, but these can be extended to include other systems.

  • Reduce noise with machine learning - machine learning algorithms are applied to the incoming data pipeline to detect common patterns and update the threat score based on various context information. The ultimate goal is to reduce false positives and false negatives.

  • Easy sharing of intelligence between users of the software, to allow collaboration between analysts or departments.

Next steps

See the Envoy use cases page for the multiple ways Envoy can be used.
Then see how Envoy compares to other threat intelligence services to understand how it fits into your existing infrastructure.
Finally, continue onwards with the getting started guide to use Envoy to get real-time threat intelligence.