Comparison of Kaspersky Threat Intelligence Portal versions

The table below shows the difference between features available for General and Premium Access to Kaspersky Threat Intelligence Portal.

Available features for General and Premium Access to Kaspersky Threat Intelligence Portal

Feature

General Access

Premium Access

Home page

Worldwide cyber-map

 

TOPs of threats worldwide and for individual countries

 

Threat dynamics worldwide and for individual countries

 

Event list displaying recent events

 

APT Intelligence and Financial Threat Intelligence Reporting

Access to service using web interface

 

Access to service using RESTful API

 

Email notifications for new or updated reports

 

APT Intelligence reports

 

APT C&C Tracking

 

Financial Threat Intelligence reports

 

Actor profiles

 

IoC downloads

 

ICS Reporting

ICS reports

 

Threat Lookup: Hash investigation

Access to service using web interface

Access to service using RESTful API

(for registered users, API token required)

Export results to JSON / STIX / CSV formats

 

Hash report contents:

 

 

General information

Detection names

File signatures and certificates

 

Container signatures and certificates

 

File paths

 

File names

 

File downloaded from web addresses and domains

 

File accessed following web addresses

 

File started following objects

 

File was started by following objects

 

File downloaded following objects

 

File was downloaded by following objects

 

Threat Lookup: IP address investigation

Access to service using web interface

Access to service using RESTful API

(for registered users, API token required)

Export results to JSON / STIX / CSV formats

 

IP address report contents:

 

 

General information

IP WHOIS

Threat score

 

DNS resolutions for IP address

 

Files related to IP address

 

Hosted web addresses

 

Threat Lookup: Web address investigation

Access to service using web interface

Access to service using RESTful API

(for registered users, API token required)

Export results to JSON / STIX / CSV formats

 

Web address report contents:

 

 

General information

Domain/IP WHOIS

DNS resolutions for domain

 

Files downloaded from requested web address

 

Files accessed requested web address

 

Referrals to requested web address

 

Requested object linked, forwarded, or redirected to following web addresses

 

Masks (record ID in Data Feeds)

 

Threat Lookup: Domain investigation

Access to service using web interface

Access to service using RESTful API

(for registered users, API token required)

Export results to JSON / STIX / CSV formats

 

Domain report contents:

 

 

General information

Domain WHOIS

DNS resolutions for domain

 

Files downloaded from requested domain

 

Files accessed requested domain

 

Subdomains

 

Referrals to domain

 

Domain referred to following web addresses

 

Web address masks

 

WHOIS Lookup

 

WHOIS Hunting

 

Cloud Sandbox: Upload and execute file

Custom file execution parameters

 

Access to service using web interface

Access to service using RESTful API

(for registered users, API token required)

Export results to JSON / STIX / CSV formats

 

File analysis report contents:

 

 

General information

Detection names (including Sandbox detects and Triggered Network Rules)

Execution map

(limited)

Suspicious activities

(limited)

Screenshots

(limited)

Loaded PE images

(limited)

File operations

(limited)

Registry operations

(limited)

Process operations

(limited)

Synchronize operations

(limited)

Downloaded files

(limited)

Dropped files

(limited)

HTTP(S) requests

(limited)

DNS requests

(limited)

Cloud Sandbox: Download and execute file

File download from a web resource

 

Custom file execution parameters

 

Access to service using web interface

 

Access to service using RESTful API

 

Export results to JSON / STIX / CSV formats

 

File analysis report contents:

 

 

File download information

 

Download request

 

Download responses

 

General information

 

Detection names (including Sandbox detects and Triggered Network Rules)

 

Execution map

 

Suspicious activities

 

Screenshots

 

Loaded PE images

 

File operations

 

Registry operations

 

Process operations

 

Synchronize operations

 

Downloaded files

 

Dropped files

 

HTTP(S) requests

 

DNS requests

 

Cloud Sandbox: Browse web address

Custom web address browsing parameters

 

Access to service using web interface

Access to service using RESTful API

(for registered users, API token required)

Export results to JSON / STIX / CSV formats

 

Web address analysis report contents:

 

 

General information

Detection names (including Sandbox detects and Triggered Network Rules)

Connected hosts

(limited)

WHOIS

(limited)

HTTP(S) requests

(limited)

DNS requests

(limited)

Screenshots

(limited)

Digital Footprint Intelligence

Digital Footprint Intelligence reports

 

Digital Footprint Intelligence notifications

 

Threat notifications

 

Export threat notifications

 

Viewing and changing organization's information

 

Data Feeds

Threat Intelligence Data Feeds

 

Incident Response Tools

 

Threat Data Feeds Supplementary Tools

 

SIEM Connectors

 

Related Materials

 

User account management

View all group accounts

 

Manage group accounts (create, edit, delete)

 

Configure email notifications

 
