One Security Team

Say good-bye to silos and endlessly emailing files back and forth. Avalon is the first enterprise link analysis platform that enables security teams to integrate all their tools and data into a single interactive workspace.

With Avalon, security teams can work together to conduct investigations, then efficiently deliver the finished intelligence needed throughout their organization.


Avalon is a web application that runs in your browser. Any recent major browser will work. There’s no need to install any client software. It is a “Software as a Service” platform, meaning there’s no server software to install, either.

API Framework

Avalon provides a robust API to automate interacting with the platform. Many actions, including graphing, can be done outside the web application with simple HTTP REST requests. Avalon also provides REST endpoints to allow combinations of tasks. For more information on interoperating with the Avalon API, please contact support.


Aside from manual entry, workspaces can be populated by importing documents that contain indicators. Avalon supports the following formats for importing data:





For PDF files, Avalon will search the document for words that look like IoCs and automatically add them to the workspace. For CSVs, Avalon will take the first column of the CSV as an IoC, and later columns as attributes to add to that IoC. With JSON, users can specify both the IoCs to be uploaded and the relationships between them to automatically import connections between IoCs


Making intelligence operational is critical. Avalon supports the following export formats:



JSON with relationship data



CarbonBlack JSON

Bro IDS Intel

Exports can cover an individual workspace, or multiple workspaces. Users can also share sets of workspaces within Interest Groups and export these sets of workspaces as a group, effectively creating a threat feed from the collaboration that occurs within an Interest Group.