Solar Threat Intelligence Feeds (Solar TI Feeds)

Product
Developers: Solar
System launch date: 2025/04/02
Last Release Date: 2025/07/16
Industries: Information security
Technology: Data Mining

Main article: Data mining

2025

Launch subscription to Cyber Threat Detection Rules

On July 16, 2025, Solar Group announced the launch of a subscription to its own rules for detecting hacker attacks as part of the Solar TI Feeds service. The rules take into account attacker behavior patterns and are suitable for various monitoring and protection tools (SIEM, NGFW, EDR, WAF, SEG, Sandbox, UTM, DLP, etc.). Solar uses all of them to identify cyber attacks on large organizations in the Russian Federation. With the subscription, companies will be able to qualitatively increase the capabilities of their information security solutions: to identify and repel both completely new and already known threats faster and more accurately.

According to data from the largest network of sensors and honeypots (traps), operated by Solar Group, in the first quarter of 2025 alone the number of recorded hacker attacks increased 2.6 times compared with the previous quarter, to 608 thousand. At the same time, the rules for detecting these attacks are often irrelevant, and there are either too few of them or, on the contrary, too many, which can lead to a high number of alerts from information protection tools and, as a result, to problems with repelling real threats.

The rules from experts at the Solar 4RAYS Cyber Threat Research Center solve these problems. They are suitable for all organizations that want to identify even previously unknown attacks faster and better without having to change their existing approaches to information security. Unlike data streams with specific hashes and IP addresses, which change constantly, the rules take into account trending patterns of attacker behavior and remain relevant for a long time. The service helps to detect various types of threats: web attacks, malware, exploitation of vulnerabilities, signs of the presence of pentester tools, unusual artifacts of complex attacks, etc.

The subscription includes:

  • Ready-made rules - these help detect both known threats and previously unknown threats that resemble them in a number of ways. They have already been tested by information security specialists at Solar JSOC, the largest commercial center for countering cyber attacks, and their usefulness has been confirmed in more than 200 Solar 4RAYS investigations.
  • Hypotheses for identifying new threats - rules for detecting the most trending threats are developed and provided by Solar 4RAYS experts less than a day after information about a new threat appears.

The rules are based on the Solar knowledge base, which consists of more than 200 billion information security events from sensors in Rostelecom, the largest telecom network in the Russian Federation, Solar JSOC telemetry (more than 1 million hacker actions from honeypots and 3 million alerts per day from sensors) and products of the Solar technology and cybersecurity center.

The subscription will be provided to companies for a period of 1 year. The rules are delivered and deployed in the various classes of monitoring and protection tools using software that is included in the Russian register of domestic software.

"Many information security departments face both a lack of expertise in repelling attacks and an overabundance of rules that are irrelevant to modern threats. All this leads to an endless stream of alerts from information protection tools that is difficult to cope with. Solar, as an architect of comprehensive cybersecurity, has many years of experience in repelling threats, as well as a knowledge base from which to generate hypotheses to prevent new attacks. The indicators of attack in Solar TI Feeds are designed not to change their own approaches to information security, but to give existing information protection tools new intelligence that will restore order in the processes of protection against cyber threats," explained Alexey Vishnyakov, technical director of the Solar 4RAYS Cyber Threat Research Center at Solar Group.

Launch of Solar Threat Intelligence Feeds

On April 2, 2025, Solar Group announced the launch of Solar Threat Intelligence Feeds, a service that supplies data streams (feeds) on current cyber threats in 24/7 mode. The service allows large companies to continuously enrich their SOC (Security Operations Center) with new knowledge about dangerous incidents and to prevent cyber attacks in time. The feeds are based on a knowledge base containing data from Rostelecom sensors, as well as telemetry from Solar services and products. Solar TI Feeds is already being implemented in several pilot projects.

Timely detection of and response to cyber attacks can be hindered by various factors: overloading of SOC personnel by the large number of incidents they process, a high rate of false positives from information protection tools, or a temporary lack of resources to proactively identify real threats. Solar TI Feeds will help solve this problem for companies for which it is important to ensure the uninterrupted operation of business processes and to avoid leaks and, as a result, reputational and financial losses. This is especially true for industries that affect the economy of the Russian Federation and are constantly in hackers' sights: finance, oil and gas, the public sector, industry, telecom and IT.

Solar TI Feeds is intended for companies with a high level of information security maturity: those that have their own or an external SOC, or that use solutions such as EDR, XDR, SOAR, NGFW and TIP. The service offers more than 20 varieties of feeds, consisting of indicators of compromise (addresses, hashes) and rules for detecting attacks. The data streams include:

  • Sensor data from Rostelecom, the largest telecom network in the Russian Federation;
  • Telemetry from the services of the Solar JSOC center for countering cyber threats and from the products of the Solar technology and cybersecurity center;
  • The results of automated analysis of more than 1 million hacker actions, 3 million alerts and 200+ billion events detected on sensors;
  • Detection rules developed as a result of more than 200 investigations of cyber attacks and constant tracking of the activities of more than 60 hacker groups by experts from the Solar 4RAYS Cyber Threat Research Center.

The data stream is transmitted continuously via the API or an on-premise agent. For convenience, the service supports connection to SIEM, SOAR, NGFW, EDR, XDR and other information protection tools, including TI platforms.

All information is verified both automatically and manually on the Solar side, which avoids irrelevant data and other "noise" that prevent timely detection of attacks. The service allows companies to see the complete context of cyber threats around the clock without having to search for information in various sources. In addition, individual customization of feeds is available to companies.

"Almost all information security services of large companies face a huge number of security events that cannot be quickly processed in full, which prevents them from dealing with threats in a timely manner. Solar TI Feeds helps prioritise alerts from information protection tools and save time when responding to real cyber attacks. The knowledge of 4RAYS in the fields of cyber intelligence and incident investigation, data on cyber attacks from JSOC and information from Rostelecom sensors make the feeds highly relevant and allow them to be used in various scenarios, including for automatic blocking of threats," explained Alexey Vishnyakov, technical director of the Solar 4RAYS Cyber Threat Research Center at Solar Group.