Use Cases
Before understanding use cases, it's useful to know what NoiseRecon is. This page lists some concrete use cases for NoiseRecon, but the possible use cases are much broader than what we cover.
Generate EDLs (External Dynamic Lists) and import them into your firewall
Use NoiseRecon to fetch threat intelligence data, aggregate and filter it, and import it into your firewall.
NoiseRecon supports most firewall vendors for the import of threat intelligence lists.
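The aggregate-and-filter step described above, sketched as an added example that is not NoiseRecon code and does not call its API. The feeds are constructed sample data, the output is assumed to be a plain-text list with one IPv4 entry per line, and `NEVER_BLOCK` and `MIN_PREFIX` are hypothetical policy values that keep a bad feed entry from blocking internal or overly broad ranges.

```python
import ipaddress

# Constructed sample feeds (documentation ranges), not NoiseRecon output.
FEED_A = ["203.0.113.7", "198.51.100.0/25", "10.1.2.3", "# header line"]
FEED_B = ["198.51.100.128/25", "203.0.113.7", "not-an-ip", "0.0.0.0/0",
          "192.0.2.55  # c2"]

# Hypothetical policy values: ranges that must never reach a block list,
# and the broadest prefix accepted from a feed.
NEVER_BLOCK = [ipaddress.IPv4Network(n) for n in
               ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
                "127.0.0.0/8", "169.254.0.0/16")]
MIN_PREFIX = 16


def build_edl(feeds, never_block=NEVER_BLOCK, min_prefix=MIN_PREFIX):
    """Return (edl_lines, rejected) for an iterable of feeds (lists of str)."""
    kept, rejected = set(), []
    for feed in feeds:
        for raw in feed:
            text = raw.split("#", 1)[0].strip()  # drop comments and padding
            if not text:
                continue
            try:
                net = ipaddress.IPv4Network(text, strict=False)
            except ValueError:
                rejected.append((text, "unparseable"))
                continue
            if net.prefixlen < min_prefix:
                rejected.append((text, "too broad"))
            elif any(net.overlaps(p) for p in never_block):
                rejected.append((text, "protected range"))
            else:
                kept.add(net)
    # Merge duplicates and adjacent networks to keep the list compact.
    merged = ipaddress.collapse_addresses(kept)
    lines = [str(n.network_address) if n.prefixlen == 32 else str(n)
             for n in merged]
    return lines, rejected


if __name__ == "__main__":
    edl, dropped = build_edl([FEED_A, FEED_B])
    print("\n".join(edl))
    for entry, reason in dropped:
        print(f"rejected {entry!r}: {reason}")
```

Logging the rejected entries rather than silently dropping them makes a misbehaving feed visible before it affects the firewall policy.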
Targeted threat intelligence queries
At a bare minimum, NoiseRecon can be used to make specific queries about IPs, hosts, and md5sums, and to check whether they are part of the threat intelligence platform.
This can be part of an ongoing investigation about a specific threat, or threat hunting and checking for suspicious activity.
The queries can be run from the web profile, or by accessing the API using various tools. The only requirement for API calls is to include the API key with the query; the key is visible in the NoiseRecon web profile.
Enrich SIEM with threat information
NoiseRecon can be made part of the SIEM infrastructure by providing the threat context for a specific IP, hostname, or hash.
The supported SIEM platforms are: HP ArcSight, Splunk, Elastic Search, IBM QRadar, McAfee Enterprise Security Manager.
Because it runs on a high-performance infrastructure, NoiseRecon can be queried directly for threat information and made part of the investigation process already built inside a SIEM.
Integration with internal applications and mobile devices
The API allows for integration of threat information into already-built internal applications in your company. Because the API is vendor independent, it can be easily integrated to provide threat information to these applications.
Similarly, mobile applications can include threat data to expand their reach and provide additional features to the users.