Cyber Threat Surveillance

Get cyber threat results related to your company by scanning keywords from specific data sources.

Cyber Threat Surveillance

The Cyber Threat Surveillance feature provides the capability to review possible threats in the Dark Web that could indicate cyber risk in your company or users. With Cyber Threat Surveillance, the main goal is all about risk reduction, and having visibility to those risks or potential risks can put you one step ahead of the game.

How it works

1. Define Keywords

Symbol allows you to add multiple keywords to search by. These categories need to be defined per company and the quantity will vary depending on your plan.

These are some of the keywords you could add to the list:

• Single String (Like Company Name or Product Name)
• Domain
• Email
• CCN (Credit Card Numbers)
• SSN (Social Security Number)
• IP addresses
• Crypto Addresses

2. Select Data Sources

By default, cyber threat results are extracted from all data sources, however,  you can decide which sources you want to get results from.

In order to define a custom list of data sources navigate to the "Data Sources" tab from the cyber threat surveillance view and click on the "Manage Sources" button to choose which sources you want to use for getting cyber threat results.

3. Track Results

Once you have defined your keywords, our application every 24 hours will search on the DarkWeb any result associated with the provided information. These results will be shown in the "Results" tab that is shown in the Cyber Threats view. 

Each result listed on the view will have the following information:

• Title.
• Threat Date.
• Threat Content (It shows all the information extracted from the DarkWeb).
• Status (Pending, Urgent, Resolved).
• Keyword(s) (The keywords used to get the result).
• Negativity. (This is a value of how likely the content could be used for criminal activity).
• Source.

Some things to keep in mind about the results: 

• Every day the application will only search for results on the past 24 hours prior to the search, however, if this is the "first call", then the application will search for historical results about past years.
• The result's content is automatically removed after 30 days.

4. Take Actions

As an admin you can take the following actions on each result:

• Change Status:

  • Pending: this is the default category.

  • Urgent: would be applied when the result has negativity greater than 80%. Also, it would need to be closed out as resolved at some point by the admin.

  • Resolved: It would be a positive closure and each result marked with this category will disappear from the main list and will be sent to the "Resolved Results" list.

• Leave Notes: You can leave notes on each result to provide key insights about the findings or let other colleagues know about the importance of threats.

• Ignore (When ignoring results, they will be automatically removed from the list).

5. Notifications

Admins can enable or disable the Cyber Threat Surveillance notifications that are being sent when new results are found, giving them more control over their organization's security measures. This notification can be managed both for companies and specific admins.

Filtering Results

From the results, you are allowed to filter the findings by:

• Categories: filter by a specific category, such as pending, urgent, resolved etc.
• Date period: filter results between specific dates ranges.
• Keywords: type in specific keywords to filter by.
• Negativity: filter results between a percentage range.

To clear filters, there is a button right under the filters button on the top right.

The list of "Resolved Results" could be accessible by clicking on the number of resolved results that are shown at the top of the screen. 

Note: Cyber Threat results and keywords can also be managed from the Symbol API.

---

Would you be interested in this service?