Managing reputation lists

In PT Threat Analyzer, you can group objects by general characteristics according to a query written in a dedicated language. This group of objects is called a reputation list. It can include, for example, all malicious objects existing in the system or all IP addresses (domains) that are Tor nodes. Reputation lists created and configured in the PT Threat Analyzer interface are used for export to third-party systems through the API.

A reputation list is automatically updated every time a new fact about an object attribute appears in PT Threat Analyzer or an outdated fact disappears. This way, a third-party system can continuously receive updated data from a reputation list (what objects were added or deleted), which allows it to detect threats and indicators of compromise promptly.

The website uses cookies according to the cookie policy.