Nucleon

This article describes the Intelligence Card Extension for Nucleon. 

About Nucleon

Nucleon was founded by an experienced team of security professionals and has developed a highly flexible system able to monitor and predict attacks around the internet. 
You must have commercial access to Nucleon to use this extension.  Please also see the Getting Started With Intelligence Card Extensions page if you're interested in enabling this extension.

Extending IP Address Intelligence Cards

You can enrich any IP Address Intelligence Card with the following threat intelligence from Nucleon:

  • Type - the type can be "active" or "history"
  • Times Recorded - the number of times incidents were recorded from this specific IP
  • Last Seen - last date an incident was recorded from this IP
  • Source Country - the source country of this IP
  • Sector Breakdown - % breakdown by industries where incidents have been recorded (General, FinTech, Government, Municipality, Critical Infrastructure, Energy, Healthcare, Telecom)
  • Last seen target country
  • Target Country Breakdown
  • Protocol - protocol that was used
  • Command & Control - is it a Command & Control unit (true or false)
  • Darknet - is it coming from the Darknet (true or false)
  • Botnet - is it a botnet (true or false)
  • Automated

​Example (for IP address 159.122.222.207):

 

This content is confidential. Do not distribute or download content in a manner that violates your Recorded Future license agreement. Sharing this content outside of licensed Recorded Future users constitutes a breach of the terms and/or agreement and shall be considered a breach by your organization.
Was this article helpful?
1 out of 1 found this helpful

Articles in this section

See more