About Intelligence
The Intelligence interface provides access to the Knowledge Base, a massive repository of malware behaviors and analysis results produced, collected, and managed by VMware NSX Network Detection and Response.
The Intelligence interface lets you search the analysis results generated by the various VMware analysis environments. Significant features from analysis reports, such as interesting dynamic behaviors or interesting artifacts in memory, are constantly indexed in the Knowledge Base so that they can be searched. The indexing capability of the Knowledge Base is described in Indexing service.
The Intelligence search capabilities enable security professionals to quickly dig deep into historical breaches, related domains or IP addresses, and associated indicators of compromise (IoC), as well as strings and other artifacts generated in memory, for forensics. Incident Response (IR) and Security Operations Center (SOC) teams can use the system to drastically improve escalation accuracy, rapid containment, and effective countermeasures with improved coverage. The supported interface workflows for using these capabilities are described in Search workflows.
Built on top of the Knowledge Base, Intelligence provides an alerting service. The alerting service enables security professionals to be proactively alerted when newly generated analysis results satisfy criteria that they define themselves. Security experts can use this service to gain better awareness of the threat landscape, in particular whenever assets of their company are being targeted by emerging threats, for example, by monitoring domains, mail addresses, and clients. The alerting service is described in Alerting service, and the supported workflows are described in Alerting workflows.