Avalon enables you to quickly and easily visualize investigations by bringing together data from disparate security tools into a single, unified workspace.
Integrations with 25+ leading threat intel providers & platforms
On-demand access to threat intel resources
Avalon enables security teams to work together in real-time on investigations and to produce and deliver finished intelligence.
Easily share findings and research – no more endless email threads, etc.
Break down silos across teams
Enable junior analysts to up-level skills by working with more senior analysts
Avalon helps you quickly cut through the noise by visualizing and enriching threat intelligence to see and understand data relationships.
Easily create robust link analysis for any investigation
Quickly identify links between attributes
Avalon provides an efficient way to create and deliver comprehensive modern security intelligence.
Quickly create, review and deliver reporting required at all levels of your organization
Reduce time spent by analysts on manual, time-consuming administrative tasks
Live links provide easy access to all investigation analysis and data
Create a centralized knowledge repository of all investigations that can be shared and accessed across teams.
Easily reuse relevant data or results from a previous investigations to inform new ones
No more duplicating efforts as members can see and access research done previously
Avalon is a web application that runs in any major browser – no need to install any client or server software.
Avalon provides a robust API to automate interacting with the platform.
Many actions, including graphing, can be done outside the website application with simple HTTP REST requests. Avalon also provides REST endpoints to allow combinations of tasks.
Workspaces can be populated by importing documents that contain indicators. Avalon supports:
For PDF files, Avalon will search the document for words that look like IoCs and automatically add them to the workspace. For CSVs, Avalon will take the first column of the CSV as an IoC, and later columns as attributes to add to that IoC. With JSON, users can specify both the ICs to be uploaded and the relations between them to automatically import connections between IoCs.
Making intelligence operational is critical. Avalon supports the following export formats.
Exports can cover an individual workspace or multiple workspaces. Users can also share sets of workspaces within interest groups and exports these sets of workspaces as a group, effectively creating a threat feed from the collaboration that occurs within an interest group.