Extend the Power of Polarity

Polarity is an overlay on top of all your existing workflows and tools. You can also build on top of Polarity to extend the power of the platform. Explore available open source projects here:

Example of Polarity's product overlaying a window on any application

The Polarity <> Analyst1 integration allows Polarity to get quick identification of Indicators and CVEs associated to Actors, Malware, and MITRE ATT&CK from the Analyst1 platform. Analyst1 maintains a comprehensive threat intelligence archive from free, paid, and internal sources powered by NLP automation and analyst curation. Analyst1 provides total data provenance in control by the customer, greatly increasing the simplicity of access and depth of data available for Polarity’s augmented views to end users.

image Learn more

The Polarity BinaryEdgeintegration allows for enrichment of IP's, Domains and E-mail addresses. Free accounts are limited to 250 queries per month. If you are using a free, account we highly recommend running this integration as On-Demand Only. Register for a free account at the URL below: [https://app.binaryedge.io/sign-up](https://app.binaryedge.io/sign-up "https://app.binaryedge.io/sign-up")

image Learn more

The Polarity Censys integration allows the Polarity user to quickly perform research against the three Censys maintained datasets collected via daily ZMap scans of the Internet and by synchronizing with public certificate transparency logs.

image Learn more

Polarity's Chronicle Backstory integration allows automated queries to the Events, Assets, and IOC Details endpoints in Chronicle Backstory's API from the Polarity overlay window.

Learn more

The Polarity Cisco Threat Response integration allows Polarity to search the Threat Response Enrich API to return information about various indicator types.

Learn more

The Polarity Cofense Intelligence™ integration allows Polarity to quickly identify malicious file hashes contained within the Cofense Intelligence™ platform.

image Learn more

The Polarity CRXcavator integration is an on-demand integration which provides risk information about third-party Chrome extensions based on the extension ID. The extension ID is a 32 character string made up of alphabetical letters. The integration will return risk information for the most recent version of the extension as well as information for the version of the extension with the maximum risk, and information for the version of the extension with the minimum risk. Finally, a risk history table is displayed which lets an analyst view the change in risk over time for the integration.

image Learn more

The Polarity CyberReason integration allows Polarity to search CyberReason's API to return threat information on IP's, Domains and File Hashes.

Learn more

The Polarity-Dig integration allows an analyst to quickly run the dig command on their Polarity server, enabling analysts to quickly see associated domains, IPs, and headers.

image Learn more

Digital Risk Protection Software is designed to protect you from external threats, continually identifying where your assets are exposed, providing sufficient context to understand the risk, and options for remediation. The Polarity Digital Shadows integration allows the Polarity user to quickly perform research against the Digital Shadow's search features.

image Learn more

Iris is a proprietary threat intelligence and investigation platform that combines enterprise-grade domain intelligence and risk scoring with industry-leading passive DNS data from Farsight Security and other top-tier providers. An intuitive web interface and API atop these data sources help security teams quickly and efficiently investigate potential cybercrime and cyberespionage. The Polarity DomainTools Iris integration allows Polarity to search Iris for risk information on Domains and Link back out to IRIS if there is associated information less than the count that you set below. More information on Iris: [https://www.domaintools.com/products/iris](https://www.domaintools.com/products/iris "https://www.domaintools.com/products/iris")

image Learn more

The Polarity FireEye Detection on Demand (DoD) integration allows Polarity to quickly identify malicious files contained within the FireEye platform. The FireEye DoD service only supports looking up MD5 hashes.

Learn more

The Polarity - Flashpoint integration queries the indicators, reports, and forums endpoints in Flashpoint for IPs, domains, CVEs, and file hashes. These capabilities enable analysts to have a complete threat picture of indicators Flashpoint has information on, even enabling the analyst to quickly pivot to Flashpoint for further analysis.

image Learn more

The Polarity - Gigamon integration searches Gigamon for detection information as well as any associated DHCP, PDNS or Summary information.

Learn more

The Polarity Google Search Custom Search (CSE) allows the analyst to retrieve and display search results from Google Custom Search programmatically.

Learn more

The Polarity Intel 471 integration allows Polarity to search the Intel 471 API to return information about various indicator types.

Learn more

Returns information on the 1 million domains with the most referring subdomains.

image Learn more

The Polarity Malware Bazaar integration allows Polarity to quickly malicious file hashes contained within the Malware Bazaar platform.

Learn more

The Polarity-Mandiant Threat Intelligence Integration allows analysts to have instant data awareness and recall on any intelligence from Mandiant dataset.

image Learn more

The Polarity - Maxmind integration replicates the Geolocation database from Maxmind to enable analysts to have complete geo-location information for IP addresses, enabling analysts to quickly have an understanding of where an IP is located.

image Learn more

The Polarity - MISP integration(s) enable a user to have an immediate understanding of their threat landscape when looking at indicators. Polarity has two integrations with MISP, 1 that enables a user to see the threat information on indicators and one to bulk submit indicators to MISP, enabling security analysts across teams to contribute and gain immediate awareness. Polarity - MISP - provides context around indicators in MISP. Polarity -MISP IOC Submission - enables analysts to bulk submit IOCs to MISP.

image Learn more

The Polarity MISP integration allows Polarity to search your instance of MISP to return found domains, IPs, hashes, and emails. The integration also allows you to Create and Delete attributes (IOCs) in bulk from MISP. > **_NOTE_**: Attribute creation will create a new event containing all Attributes submitted.

image Learn more

The Polarity MISP Warning Lists integration searches MISP hash, domain and IPv4 based warning lists and returns related list information.

Learn more

The Polarity OSINT Pivot integration allows an analyst to run an on-demand query against various indicator types to return a list of recommended OSINT resources to quickly pivot to.

Learn more

AutoFocus™ is a contextual threat intelligence service that accelerates analysis, correlation, and prevention workflows.

image Learn more

Returns Passivetotal whois intelligence for domains and emails.

image Learn more

The Polarity-Pipl integration allows the Polarity user to quickly perform research against persons of interest via email address and telephone number recognition.

image Learn more

Decode URLs which have been rewritten by TAP to their original, target URL. For more information about the Proofpoint URL Decoder API please see [https://help.proofpoint.com/Threat_Insight_Dashboard/API_Documentation/URL_Decoder_API](https://help.proofpoint.com/Threat_Insight_Dashboard/API_Documentation/URL_Decoder_API "https://help.proofpoint.com/Threat_Insight_Dashboard/API_Documentation/URL_Decoder_API")

Learn more

The Polarity - Pulsedive integration provides analysts real time community driven threat intelligence on ips and domains. Allowing analysts to have the vast risk knowledge that Pulsedive can provide in any workflow they are using.

image Learn more

The Polarity - Recorded Future searches the Recorded Future API for threat information on associated indicators. Allowing analysts to have the power of Recorded Future's vast threat intelligence no matter what application they are looking at, enabling better data awareness and recall.

image Learn more

The Polarity RIPEstat integration allows Polarity to return all announced prefixes for a given ASN via the RIPEstat Data API.

Learn more

Polarity - RiskIQ integration allows Polarity to search RiskIQ Security Intelligence Services (SIS API) to return threat information on IP's, Domains and URL's.

image Learn more

The Polarity Sandbox integrations uses the Google search API to search malware on different internet hosted sandboxes, to provide more information on the malware hashes.

image Learn more

The Polarity Securonix integration allows Polarity to search Securonix API to return User Violation information on Emails, Domains and IP's.

Learn more

Polarity's ServiceNow Security Incident Response (SIR) Integration allows the lookup of ServiceNow security incidents (e.g. SIR00000012), and Observables including IP addresses, CVE's, web domains, file hashes and e-mail addresses against your instance of ServiceNow.

image Learn more

The Polarity - Shodan integration provides immediate awareness to Shodan’s vast Internet of Things search engine. Enabling analysts to quickly triage the location, associated domains and headers for an IP.

image Learn more

Identifies Snort Signatures and allows for quick pivot to rule documentation

image Learn more

The Polarity Social Media Searcher uses the google search API to pass through programmatically search if there are any known social media accounts on any of the following websites. * facebook.com * twitter.com * instagram.com * tiktok.com * reddit.com * parler.com * linkedin.com

Learn more

Sumo Logic, Inc. is a cloud-based machine data analytics company focusing on security, operations and BI use cases. It provides log management and analytics services that leverage machine-generated big data to deliver real-time IT insights. This integration will run the provided search query and return the first 10 results.

Learn more

The Polarity - ThreatConnect integration(s) enable a user to have an immediate understanding of their threat landscape when looking at indicators. Polarity has two integrations with ThreatConnect, 1 that enables a user to see the threat information on indicators and one to bulk submit indicators to ThreatConnect, enabling security analysts across teams to contribute and gain immediate awareness. Polarity - ThreatConnect - provides context around indicators in ThreatConnect and enables users to link out to Playbooks and run from the ThreatConnect Ui. Polarity -ThreatConnect IOC Submission - enables analysts to bulk submit IOCs to Threatstream.

image Learn more

The Polarity ThreatConnect integration allows Polarity to search your instance of ThreatConnect to return found domains, IPs, hashes, and emails. The integration also allows you to Create and Delete Indicators (IOCs) in bulk from ThreatConnect.

image Learn more

The Polarity - ThreatQuotient integration(s) enable a user to have an immediate understanding of their threat landscape when looking at indicators. Polarity has two integrations with ThreatQuotient, one that enables a user to see the threat information on indicators and one to bulk submit indicators to ThreatQuotient, enabling security analysts across teams to contribute and gain immediate awareness. Polarity - ThreatQuotient - provides context around indicators in ThreatQuotient. Polarity -ThreatQuotient IOC Submission - enables analysts to bulk submit IOCs to Threatstream.

image Learn more

The Polarity ThreatQuotient integration allows Polarity to search your instance of ThreatQuotient to return found domains, IPs, hashes, and emails. The integration also allows you to Create and Delete Indicators (IOCs) in bulk from ThreatQuotient.

image Learn more

The Polarity ThreatStream IOC Submission integration gives users allows users to submit indicators of compromise to Anomali's ThreatStream platform.

image Learn more

The Polarity TruSTAR integration allows Polarity to search the TruSTAR API to return information about various indicator types.

image Learn more

The Polarity Twitter integration uses the Google search API to search for twitter for related tweets around your search parameters.

image Learn more

The Polarity USCert integration uses the Google search API to search for indicators all throughout USCerts website.

image Learn more

Want to learn more?

See Polarity in more detail, or check out our blog

Read blog Get started