Threat Intelligence by Tego Cyber
Source: Databricks. Indexed: 2024-05-09
Download link:
https://marketplace.databricks.com/details/80fe61f0-cfe4-430c-80b4-dd46750fd490/Tego-Cyber-Inc-_Threat-Intelligence-by-Tego-Cyber
Resource description:
**Overview**
Tego provides curated and highly contextualized threat intelligence to Databricks customers and to anyone who can consume data through Delta Sharing. Using Tego's threat intelligence, customers can build correlation queries to search through their data for threats.
**Use cases**
- Threat Detection and Mitigation: By comparing Tego's threat intelligence dataset with the data stored in Databricks, you can identify potential threats and indicators of compromise within your organization's data. For example, you can compare IP addresses, domain names, or hashes associated with known malicious actors or malware against the data in Databricks to identify any matches. This can help you proactively detect and mitigate security threats within your environment.
- Real-time Threat Monitoring and Alerting: Databricks provides real-time data processing capabilities, making it well-suited for monitoring and detecting threats as they occur. By continuously comparing Tego's threat intelligence dataset with streaming data in Databricks, you can identify and respond to security incidents in near real-time.
- Security Incident Investigation and Forensics: When a security incident occurs, it is crucial to investigate and understand the extent of the breach, the tactics employed by the attackers, and the potential impact on your organization. By integrating Tego's threat intelligence feed with Databricks, you can enhance your security incident investigation and forensic capabilities.
**Product details**
Tables Included:
- Threats
- Details
Fields Included:
- Threat Information - OCSF Unmapped Fields (Category, City, Region, Country, ISP, Port, Anonymity, etc.)
- OCSF Finding Fields (Name of Threat, Description, Created Time, First Seen Time, Last Seen Time)
- OCSF Metadata Fields (OCSF Version, Product Vendor and Name)
- OCSF Required Fields (Type UUID, Activity Name and Id, Severity, Status Id, State Id, Category UUID, Class Name and UUID, Time, etc.)
For more details, refer to the embedded notebook.
**Additional Insights**
For more information on:
- Tego Cyber Threat Intelligence: https://www.tegocyber.com/product/threat-intelligence
- OCSF (Open Cybersecurity Schema Framework): https://schema.ocsf.io/
Provider:
Tego Cyber Inc.



