K&U logo- white green


Audience: Information Security Security Teams: CTI, Phishing, SOC, CISO


Organizations big and small all have the same concerns when it comes to employee or customer credentials being leaked or breached. Additionally, being aware of what may have been exposed is a top priority for security teams. Using Avalon, analysts have the capability to analyze the sources of credential breaches, credentials that were exposed, and better understand an organization’s overall exposure.

Avalon Collaboration

An analyst was asked to conduct a review of their email domains in Avalon by their phishing team. The analyst conducted analysis and observed activity within Avalon indicative of a likely phishing campaign. With this initial information, the analyst creates a new workspace within Avalon with a time fence to look only at data from the last five days. The analyst inserts relevant email domains onto their Avalon Workspace and runs the SpyCloud enrichment.

The analyst adds the SpyCloud results to their workspace and identifies a report from SpyCloud named, TrickBot Email List. The timestamps on the node indicate the list was recently created, aligning to the time fence implemented. Furthermore, the analyst observes numerous email addresses associated with their organization linked to this report. The analyst provides a few of the email addresses to the phishing team for correlation and quickly confirms those addresses have been targeted.

With that confirmation, the analyst selects all the relevant email addresses that are listed in the Trickbot Email List report and exports them for the phishing team for proactive blocking and password reset notifications.


Real-time collaboration of investigative results from Avalon enabled a list of relevant email addresses along with actionable indicators for export into security tools to prevent credential compromise or exploitation.

  • Multiple levels of investigation were made possible through concurrent workstreams in a single workspace
  • Teams were able to quickly and efficiently correlate each other’s work to produce intelligence and actionable steps
  • A malicious phishing campaign was identified to be targeting the organization and email addresses were exported to security tools to prevent data from being compromised

About Us

King & Union is a cybersecurity company that has built and designed Avalon, the industry’s first cyber analysis platform. The Avalon Cyber Analysis Platform helps analysts streamline threat investigations by providing the intelligence, tools and collaboration security analysts need in a seamless, integrated workspace.