baseVISION SOC - TI Feeds - Subscription
baseVISION AG
baseVISION Real-time TI Feeds solution to detect and respond to emerging cybersecurity threats
baseVISION Threat Intel feeds provide tactical threat intelligence to detect and protect against known threats within an organization's environment before they can cause harm.
Service Deliverables
The baseVISION Threat Intel Feeds leverage multiple sources integrated into the platform. Specialists curate and maintain them to ensure quality, including IOC, confidence levels, and expiration. The sources include:
- baseVISION TI is built on the Indicators of Compromise (IOCs) gathered from our customers during incident analysis and response.
- Paid feeds from SOCRadar, one of the major players and the highest-rated threat intelligence provider on Gartner, with a worldwide footprint.
- Open Source TI, which can provide additional insights and enrich other feeds with context but needs to be reviewed regularly.
- BACS/NCSC TI Feeds: Swiss customers who enroll in the NCSC's Cybersecurity Hub can receive them at no cost. baseVISION can include these feeds for free to facilitate the onboarding process, so you only need to connect to baseVISION.
The baseVISION Threat Intel Feed solution provides access to two feeds based on the TAXII/STIX2.1 standards. Through the Azure Marketplace, baseVISION provides a simple solution to consume the feeds in Microsoft Sentinel and Microsoft Defender XDR. Because the feeds are based on TAXII/STIX2.1, they can also be integrated into third-party products such as firewalls or proxy servers.
Prerequisites
No prerequisites are required to consume this module as the delivered TAXII/STIX2.1 feeds can be integrated into any product which supports these standards.
baseVISION offers manuals and preconfigured solutions for integration into Microsoft Defender XDR and Microsoft Sentinel. Consequently, having Microsoft Sentinel or Microsoft Defender XDR already configured is a requirement in this case.
Service Level Agreement
Availability is measured only while the required Microsoft Azure services are available, and outages within a planned and communicated maintenance window are excluded. The TAXII connector availability SLA is 99%.