encodegroup.com©2001-2017 Encode. All rights reserved. Do not distribute

Yourindicatorsinglepaneofglass

Enorasys©LookupService(ELS)isacloudplatformwhichinterfaceswithmultipleinformationsourcesandprovidesacommoninterfacetoquerysuchsourcesfordatarelatedtoanIPv4,domainorhash.Theplatformprovidesadditionalprocessingmoduleswhichingestsourceinformationandbyutilizingmachinelearningalgorithmsprovideanoverall,humanfriendly,evaluationfortherequestedindicator.

ELScanbeaccessedviaarichwebinterfacewithrichvisualizationwidgetsorviaRESTAPI.ThecommonusescasesforELSistobeabletovisitoneplaceandacquireallavailableinformationaboutaspecificindicatorandtointegratewithotherapplicationswhichcanconsumethedata.

Source clients are developed based on ourclient SAS module framework which providesnativesupportforcachingandmultithreading.SAS modules are integrated to the cloud ELSplatformwhichinturnprovides:

• Accesscontrol• Subscriptionpackages• SynchronousandAsynchronousAPI• Usermanagement• Caching• Statistics• Webinterfaceportal

TheELSPlatformisdeployedonthecloudandisbuiltfromthegroundwithsupportforhorizontalscaling.ELSprovidesapredefinedsetofprovidersand their accompanying data schema for APIconsumption as well as ready made JavaScriptwidgetsfordatavisualization.

encodegroup.com©2001-2017 Encode. All rights reserved. Do not distribute

|KeyBenefits

Supportfordifferentprovidertypes

ELS provides integration with a number ofinformationsourceswhetherpublicorprivate.Provider types include DNS information,Passive DNS, Geolocation, OSINT historicaldata, WHOIS, 3rd party providers informationlike VirustTotal, ranking of domains andmostimportantly Encode proprietary Domainsuspiciousness evaluation and lexicographicalanalysisbasedonmachinelearningmodels.

WebinterfaceandRESTAPIAccess

ELSdatacanbeprovidedviaawebinterfaceorconsumedbyotherapplicationsbyprovidingaRESTAPIformachinereadabledataformats.

Extendedsourcessupport

CurrentlyELSprovidesthefollowingdatasourceinformation:

• DNSdata• WHOIS• Geolocation• OSINT aggregation and history (20+

sources)• Alexarankingservices• Weboftrust• PassiveDNSdata• Enorasys©domainEvaluation(ML)• Enorasys©Lexicographicalanalysis(ML)

encodegroup.com©2001-2017 Encode. All rights reserved. Do not distribute

|KeyFeatures

Enorasys©domainevaluation

Enorasys©domainevaluationisutilizingmachinelearning to provide an evaluation of howquestionable or suspicious a certain domainindicatoris.Thiswaydecisionscanbetakenfasterwithout the need of lengthy analysis of theavailabledata from thedifferentproviders. TheELSdomainevaluationmachinelearningmodeliscontinuouslyimproved.Enorasys©Lexicographicalanalysis

Enorasys© provides a machine learning basedevaluationtodetectifthedomaininquestionsishumanormachinegenerated.

Scalability

Horizontalscalingallowingtheplatformtocopewithtensofthousandsofqueriesandapplicationconsumers.

APIaccess

API access to the platform allows for otherapplications to query the available services in acommonwayandpredefinedstructuredindicatorresults.

JavaScriptWidgets

ELSJavaScriptwidgetsallowotherapplicationstoquery and visualize ELS providers within a webbasedapplication.

Performanceoptimizations

Both caching and asynchronous support isprovidedtotheconsumersoftheserviceallowingfasterresponsetimesandcostreduction.

encodegroup.com©2001-2017 Encode. All rights reserved. Do not distribute

|UseCases

ELSisdevelopedtosupportawidenumberofusecasessuchas:

• AnySOC,SIEMplatform• CIRTandIRteams/professionals• MSSPs• VendorsofInternetsecurityproducts(SWG,FWs,SMGs,AV/Endpointsecurity,etc.)• SecuritySystemsoperationsteamsandvirtuallyanysecurityprofessional• Internet Destination/Site classification as of its “suspiciousness level”, along with aggregated,

threat-relatedandcontextualinformationontheInternetdestination/site.• Noclientfootprint:FullCloudAPI/UI/SDKaccess

SummarizedviewofinformationBriefviewmodeprovideseasytoshowandunderstandindicatorsummarywithspecialviewofinformationthatmatters.