This article describes the Intelligence Card Extension for Nucleon.
About Nucleon
Nucleon was founded by an experienced team of security professionals and has developed a highly flexible system able to monitor and predict attacks around the internet.
You must have commercial access to Nucleon to use this extension. Please also see the Getting Started With Intelligence Card Extensions page if you're interested in enabling this extension.
Extending IP Address Intelligence Cards
You can enrich any IP Address Intelligence Card with the following threat intelligence from Nucleon:
- Type - the type can be "active" or "history"
- Times Recorded - the number of times incidents were recorded from this specific IP
- Last Seen - last date an incident was recorded from this IP
- Source Country - the source country of this IP
- Sector Breakdown - % breakdown by industries where incidents have been recorded (General, FinTech, Government, Municipality, Critical Infrastructure, Energy, Healthcare, Telecom)
- Last seen target country -
- Target Country Breakdown -
- Protocol - protocol that was used
- Command & Control - is it a Command & Control unit (true or false)
- Darknet - is it coming from the Darknet (true or false)
- Botnet - is it a botnet (true or false)
- Automated -
Example (for IP address 159.122.222.207):