​Akamai​ Enterprise Threat Intelligence is a threat intelligence feed that lets you detect and prevent threats, block emerging threats, gain insights from global threat data, and improve incident response.

You can integrate Enterprise Threat Intelligence with these solutions:

• Security Orchestration, Automation, and Response (SOAR)
• Security Information and Event Management (SIEM)
• Endpoint Detection and Response (EDR)
• Extended Detection and Response (XDR)
• Firewalls and other network security products

The Enterprise Threat Intelligence feed is accessible through the Secure Internet Access (​SIA​) reporting API. Enterprise Threat Intelligence provides a pre-signed URL to download a CSV file with threat intelligence data. You can also do the following:

• Use the Indicators of Compromise (IoC) reports in the ​SIA​ reporting API to get intelligence data on a domain.
• Use the threat intelligence endpoint to retrieve data and apply it to your third-party SOAR, SIEM, EDR, and XDR solutions.

To try this new product, contact your ​Akamai​ account representative.

📘

​Akamai​ currently updates Enterprise Threat Intelligence with new and modified intelligence every 24 hours.

Benefits

Enterprise Threat Intelligence offers these benefits:

• Integration with SIEM, SOAR, EDR, and XDR solutions. You can do the following:
  • Integrate with your SIEM and SOAR solutions to analyze activity, prioritize alerts, provide additional context on detected threats, and more.
  • Integrate with your EDR and XDR solutions to identify and block malicious domains, block connections to command and control servers, isolate affected endpoints, and more.
• Threat detection. Lets you identify and block threats before they impact your organization.
• Informed decision-making. Provides key data that allows you to take action against threats.
• Improved incident response. Includes context-rich threat information that enables you to mitigate security incidents.
• Enhance your firewall rules. Allows you to block traffic to and from malicious domains.

Enterprise Threat Intelligence data

Enterprise Threat Intelligence delivers this data:

Set up and use Enterprise Threat Intelligence

Complete these steps to use the ​SIA​ Reporting API to retrieve threat intelligence data.

To set up and use Enterprise Threat Intelligence:

1. Set up the ​SIA​ Reporting API. If you have not set up the SIA Reporting API, complete these steps to configure it for the first time:

   1. Make sure Secure Internet Access Enterprise API is in your contract.
   2. Create authentication credentials for your API client type. These credentials allow you to use the API. For instructions, see EdgeGrid.
   3. Enable the ETP Report API in Control Center. Choose ETP Report as the API service and set the access level to READ-WRITE.

   To learn more about getting started with the API, see Get Started in the ​SIA​ Reporting API.

2. To get IoC information on a domain, use the IoC reports in the ​SIA​ Reporting API. For more information, see the Indicators of Compromise (IOC) reports in the SIA Reporting API.

3. To download the threat intelligence feed, complete these steps:

   1. Run Get latest domain threat intelligence.
      For example:

      GET https://{hostname}/etp-report/v3/threat-intel/domains/latest/check
      

      The response is a URL to a CSV file.
   2. Download and open the CSV file to view data. For a description of data that’s in the CSV, see Enterprise Threat Intelligence data.

4. Integrate Threat Intelligence with your SIEM, SOAR, EDR, or XDR solution. Refer to your solution’s official documentation to learn how to use the API to retrieve threat intelligence data and apply it to your solution.