
    Group-IB Threat Intelligence

    Sold by: Group-IB 
    Group-IB Threat Intelligence is an enterprise cyber threat intelligence platform that reveals the adversaries targeting you: their infrastructure, tooling, and tactics. It combines proprietary closed-source intelligence with AI-driven analysis through Prevyn AI, delivering dark web monitoring, compromised credential detection, threat actor attribution, and real-time IOC feeds with native SIEM, SOAR, and TIP integrations.

    Overview

    Group-IB Threat Intelligence

    Group-IB Threat Intelligence is a cyber threat intelligence platform that combines automated collection across open, technical, and criminal sources with human analyst intelligence gained through formal cooperation agreements with INTERPOL, Europol, and AFRIPOL. Delivered through the Group-IB Unified Risk Platform, it aggregates intelligence from ISP-level sensors, honeypot networks, dark web forums, instant messaging channels (Telegram, Discord), malware detonation infrastructure, C&C server tracking, and compromised data repositories.

    Intelligence Layers

    Strategic Intelligence: Informs executive decision-making and long-term threat landscape understanding through regular analyst-written reports tailored to your industry and region.

    Operational Intelligence: Covers threat actor profiles, attack campaigns, and kill chain reconstruction in MITRE ATT&CK format - enabling security teams to build detection logic and response playbooks aligned with real adversary behaviors.

    Tactical Intelligence: Delivers continuously updated indicators of compromise (IPs, domains, file hashes, URLs) that can be automatically ingested into network and endpoint controls to block threats at the moment of first observation worldwide.

    Prevyn AI - Agentic Intelligence

    Group-IB's agentic AI solution, Prevyn AI, is an orchestrated multi-agent system consisting of 11 specialized, domain-expert agents that autonomously conduct adversary-focused research, malware attribution, and dark web monitoring. Prevyn AI Command orchestrates these agents to execute complex, multi-step threat research, identify attacker intent, and track infrastructure staging automatically. The system evaluates campaign indicators and maps them to active adversarial TTPs to predict threats before they launch. An integrated AI Assistant allows analysts to instantly query CVEs, track emerging threat actor profiles, and map indicators to the MITRE ATT&CK framework.

    Key Capabilities

    • Structured threat actor attribution with full TTP and infrastructure profiling
    • Dark web monitoring across forums, markets, paste sites, and messenger channels
    • Compromised credential and payment card detection with automated alerts before data is weaponized
    • Suspicious IP intelligence covering VPN, proxy, SOCKS, Tor, and scanner nodes used by adversaries, for attribution and enrichment of internal alerts
    • Suspicious payment details (SPD) feeds for integration with transaction-monitoring systems to detect fraud
    • Investigative Graph interface for mapping relationships between actors, tools, and infrastructure
    • Incident Management Center for structuring external threats into a trackable workflow: define incidents, automate detection rules, and manage threats end-to-end within the platform
    • Malware file detonation and reverse engineering
    • Vulnerability tracking cross-referenced against active exploitation activity targeting your industry

    Security and Compliance

    Group-IB Global Private Limited holds ISO/IEC 27001:2022 certification issued by TUV AUSTRIA GMBH (Certificate Registration No. TA420243018927, valid until 2027-07-01). The certification scope covers the Threat Intelligence solution, Fraud Protection platform, and information security Audit and Consulting services. For certificate details, visit https://www.group-ib.com/resources/certificates/ 

    Industry Use Case: Financial Services

    A financial services SOC subscribes to Group-IB Threat Intelligence and configures Threat Hunting Rules for their card BIN ranges and corporate domains. When compromised payment card data linked to their institution appears on a dark web market, the platform generates an automated alert. The SOC analyst uses the Graph interface to trace the breach to a specific JS-sniffer campaign, reviews the threat actor profile mapped to MITRE ATT&CK techniques, and deploys blocking rules to their SIEM. CERT-GIB initiates a takedown of the phishing domains used in the campaign.

    Integrations and Deployment

    Group-IB Threat Intelligence supports unlimited users and API calls under a single annual subscription. Out-of-the-box integrations support SIEM, SOAR, EDR, and TIP platforms including Splunk, with STIX/TAXII data transfer for custom integrations. Available via AWS Marketplace, the platform is suited for organizations running security operations on AWS infrastructure.

    Analyst Recognition

    The platform is recognized by Gartner (included in the 2023 Market Guide for Security Threat Intelligence Products and Services), Forrester, IDC, Datos Insights, KuppingerCole, and Frost & Sullivan.

    Evaluation

    For a proof of concept or personalized demo showing intelligence relevant to your industry and region, contact the Group-IB team through the AWS Marketplace listing or visit https://www.group-ib.com/products/threat-intelligence/ to learn more.

    Highlights

    • Intelligence from inside the adversary's world: Proprietary, closed-source data gathered by human experts through years of embedded access to criminal communities, undercover sources, malware analysis, and law enforcement collaboration. This is the foundation for attribution and adversary tracking of exceptional depth.
    • Know your adversary, mapped to MITRE ATT&CK: Structured profiles of the threat actors targeting your industry, covering their tools, tactics, techniques, and infrastructure, reconstructed across the full kill chain and mapped to MITRE ATT&CK for direct use in detection and response.
    • Enterprise scale, no per-seat limits: A single subscription covers unlimited users, out-of-the-box SIEM, SOAR, EDR, and TIP integrations including Splunk, and STIX/TAXII transfer, backed by a dedicated team of Group-IB analysts.

    Details

    Deployed on AWS

    Pricing

    Group-IB Threat Intelligence

    Pricing is based on the duration and terms of your contract with the vendor. This entitles you to a specified quantity of use for the contract duration. If you choose not to renew or replace your contract before it ends, access to these entitlements will expire.
    Additional AWS infrastructure costs may apply. Use the AWS Pricing Calculator to estimate your infrastructure costs.

    36-month contract (1)

    Dimension | Description | Cost/36 months
    Group-IB Threat Intelligence | Modules and terms defined in private offer | $1,830,000.00

    Vendor refund policy

    Parties will negotiate in good faith any necessary amendments to this Agreement to address the change. If the Parties are unable to reach an agreement, and a governmental or regulatory authority has determined that continuing to perform as currently required would violate the law, then either Party may upon written notice terminate this Agreement without penalty.

    Custom pricing options

    Request a private offer to receive a custom quote.

    Legal

    Vendor terms and conditions

    Upon subscribing to this product, you must acknowledge and agree to the terms and conditions outlined in the vendor's End User License Agreement (EULA).

    Content disclaimer

    Vendors are responsible for their product descriptions and other product content. AWS does not warrant that vendors' product descriptions or other product content are accurate, complete, reliable, current, or error-free.

    Usage information

    Delivery details

    Software as a Service (SaaS)

    SaaS delivers cloud-based software applications directly to customers over the internet. You can access these applications through a subscription model. You will pay recurring monthly usage fees through your AWS bill, while AWS handles deployment and infrastructure management, ensuring scalability, reliability, and seamless integration with other AWS services.

    Support

    Vendor support

    Group-IB provides 24/7 global support for Threat Intelligence customers, with direct access to product specialists, threat analysts, and a dedicated account team across all regions.

    Support Channels:

    Onboarding Process and Time-to-Value:

    1. Subscribe via AWS Marketplace and receive platform credentials instantly
    2. Provide your monitored domains, BIN ranges, and SIEM/SOAR endpoint details
    3. Onboarding team configures Threat Hunting Rules tailored to your organization
    4. Integration support connects your SIEM, SOAR, TIP, or custom STIX/TAXII feeds
    5. Ongoing refinement of intelligence filters with your dedicated analyst team

    Buyer prerequisites: Prepare a list of monitored domains, card BIN ranges (if applicable), and integration endpoint URLs or API tokens for your SIEM/SOAR/TIP platforms before onboarding begins.

    What is Included:

    • Onboarding assistance and integration configuration support
    • Analyst access for custom intelligence requests and briefings
    • Threat Hunting Rule creation and continuous refinement
    • Managed Threat Intelligence Specialist Service for custom RFIs, malware reverse engineering, threat enrichment, and ransomware data analysis
    • Dark Web Feed Monitoring Service with customized reports

    Requesting Assistance: For product issues, integration troubleshooting, custom intelligence requests, or subscription and billing inquiries including refunds, contact the support team via phone, email, or your dedicated Slack channel. Your dedicated account team is available to assist with any platform-related needs.

    For a proof of concept or demo, contact the sales team through the AWS Marketplace listing or the website link above.

    AWS infrastructure support

    AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.
