Threat Books

Threat Books are a feature in Uptycs that allow you to easily identify which, if any, of your systems are exhibiting behavior associated with known IOCs. By submitting different types of indicators, such as file hashes or IP addresses, users can quickly generate a report summarizing any traces of the IOC across their infrastructure. It’s a great way to quickly and effectively respond to internal requests for research. 

With the Uptycs Flight Recorder automatically storing endpoint state data for assets which have a shelf life of a few hours or even minutes, Threat Books can be applied historically to VMs or containers that may no longer exist.

Essentially, Threat Books help you quickly determine if a bigger investigation is needed, without having to run queries separately for all the IOCs in a threat report.