Getting Started with the Threat Intelligence Portal (TIP)

Who this guide is for

• Security analysts, SOC teams, IT admins, MSSPs, and partners who need fast threat visibility and reporting.

What you can do with TIP

• Threat Intelligence Lookup: Search IoCs (IP, domain, URL, hash, email) with DNS, WHOIS, GeoIP, SSL/HTTP, malware families, and actors.
• External Attack Surface Management (EASM): Launch vulnerability scans on domains/IPs; analyze findings, open ports, and services; track history.
• Dashboard: View recent activity, widgets, trends, and quick actions. Customize your layout.
• Reports: Generate API usage, key status, and system summaries (PDF/CSV).
• Logs & Telemetry: Inspect API logs and telemetry for investigation and performance insights.
• Settings: Manage account, MFA, notifications, users, API keys; admins configure system settings and email templates.
• Support & Licenses: Create tickets and review feed/feature entitlements.

Quick start

1. Sign in and review the Dashboard for an environment overview.
2. Run a single or bulk Threat Intelligence Lookup for suspected IoCs.
3. Start an external scan to assess your exposed services.
4. Check Logs/Telemetry for errors or anomalies.
5. Enable MFA and set Notification preferences in Settings.
6. Create API Keys if you need programmatic access.
7. Generate Reports for stakeholders.

Roles and access

• End-user: Company-level access, personal settings, and keys (as permitted).
• Reseller/Distributor: Manage downstream companies and users.

Best practices

• Enable MFA for all users.
• Restrict API keys by IP/User-Agent; use expirations.
• Rotate keys regularly and monitor API usage.

Related articles

• Dashboard
• Threat Intelligence Lookup
• External Attack Surface Management
• Manage API Keys
• Reports & Exports