
Solar Threat Intelligence Feeds (Solar TI Feeds)

Product
Developers: Solar (formerly Rostelecom-Solar)
Date of the premiere of the system: 2025/04/02
Branches: Information security
Technology: Data Mining

Main article: Data mining

2025: Solar Threat Intelligence Feeds launch

On April 2, 2025, Solar Group announced the launch of Solar Threat Intelligence Feeds, a service that supplies data streams (feeds) on current cyber threats around the clock (24/7). The service allows large companies to continuously enrich their SOC (Security Operations Center) with new knowledge about dangerous incidents and prevent cyber attacks in time. The feeds are based on a knowledge base containing data from Rostelecom sensors, as well as telemetry from Solar services and products. Solar TI Feeds is already being implemented in several pilot projects.

Timely detection of and response to cyber attacks can be hindered by various factors: overload of SOC personnel due to the processing of a large number of incidents, a high rate of false positives from information protection tools (MPS), or a temporary lack of resources to proactively identify real threats. Solar TI Feeds will help solve this problem for companies for which it is important to ensure the uninterrupted operation of business processes and to avoid leaks and, as a result, reputational and financial losses. This is especially true for industries that affect the economy of the Russian Federation and are constantly in the sights of hackers: the financial sector, oil and gas, the public sector, industry, telecom and IT.

Solar TI Feeds is intended for companies with a high level of information security maturity: those that have their own or an external SOC, or that use solutions such as EDR, XDR, SOAR, NGFW or TIP. The service offers more than 20 varieties of feeds, consisting of indicators of compromise (addresses, hashes) and rules for detecting attacks. Data streams include:

  • Sensor data from Rostelecom's telecom network, the largest in the Russian Federation;
  • Telemetry from the services of the Solar JSOC center for countering cyber threats and from the products of the "Solar" center for technology and cybersecurity;
  • The results of automated analysis of more than 1 million hacker actions, 3 million alerts and 200+ billion events detected on sensors;
  • Detection rules developed as a result of more than 200 investigations of cyber attacks and constant tracking of the activities of more than 60 hacker groups by experts from the Solar 4RAYS Cyber Threat Research Center.

The data stream is transmitted continuously via the API or an on-premise agent. For convenience, the service supports connection to SIEM, SOAR, NGFW, EDR, XDR and other information protection tools, including TI platforms.

All information is automatically and manually verified on the Solar side, which avoids irrelevant data and other "noise" that prevents timely detection of attacks. The service allows companies to see a complete picture of the context of cyber threats around the clock without the need to search for information in various sources. In addition, individual customization of feeds is available to companies.

"Almost all information security services of large companies face a huge number of security events that cannot be quickly processed in full, which prevents them from dealing with threats in a timely manner. Solar TI Feeds helps prioritise MPS actuations and save time when responding to real cyber attacks. The knowledge of 4RAYS in the fields of cyber intelligence and incident investigation, data on cyber attacks from JSOC and information from Rostelecom sensors make the feeds highly relevant and allow them to be used in various scenarios, including for automatic blocking of threats," explained Alexey Vishnyakov, technical director of the Solar 4RAYS Cyber Threat Research Center, Solar Group.