QuoLab’s cutting-edge platform is a robust, user-centric solution that delivers world-class data integration, analysis, and reporting capabilities. The platform was custom designed by cybersecurity professionals to unify intelligence sources, manage threat data, automate evidence ingestion and empower intelligence sharing. QuoLab emphasizes the following core concepts:
- Versatility. The platform is completely customizable by the end user, from adding in new custom data connectors to modifying the reporting framework and everything in between. QuoLab as a solution meets the fusion, analysis and investigation needs of SOCs, TI Analysts, Incident Responders, Reverse Engineers, Blue Teams, Hunt Teams and more.
- Automation. Intelligence data (artefacts, reports, IOCs, etc.) is automatically tracked, managed in cases and distributed as needed across all security appliances and data stores. Our bi-directional integrations (supporting both push and pull of data) run the gamut from databases to security controls and include technologies like Splunk, Elasticsearch, SIEMs, IDS, EDR, firewalls, and more.
- Deployability. The platform was designed to run in both connected and air-gapped environments, from single deployment nodes on laptops to multi-cluster server or cloud-based instances. Get up and running in minutes, not days.
- Investigations. QuoLab integrates with and normalizes the data from network analysis tools, malware reverse engineering, threat intelligence data feeds (MISP, OTX, STIX, etc.) and other enrichment solutions. This provides users with the information they need to visualize, contextualize and understand threats in a unified ecosystem. Log and raw data extraction tools automate and streamline the ingestion and analysis of collected intelligence, disseminating normalized data where needed. Combined with threat-centric case management, it ensures that analysis is never duplicated, results are always preserved, and all tools in the cyber operator’s toolbox are fully leveraged.
- Collaboration. Features such as customizable, serialized reports and the automated dissemination of threat intelligence via MISP, STIX and other frameworks empower operators, decision makers and other stakeholders to collaborate on and share intelligence in a rapid, natural and flexible manner.