Welcome to Silent Push, the industry-leading platform for preemptive threat intelligence and proactive cyber defense. In an era where cyber threats evolve rapidly, Silent Push empowers organizations to stay ahead of attackers by preemptively neutralizing risks, safeguarding brand integrity, and securing digital footprints.
This guide provides a clear roadmap for getting started, covering essential steps for seamless deployment and implementation of our powerful security features. Whether you're using the Enterprise or Community Edition, you'll learn to leverage Indicators of Future Attack (IOFA™), advanced queries, and integrations to outpace emerging threats.
Silent Push redefines cybersecurity by shifting from reactive responses to proactive, data-driven threat hunting. Our mission is to neutralize attacker infrastructure before it becomes a threat, using first-party data from daily scans of the entire IPv4 and IPv6 space. By combining Threat Intelligence Management, Brand Impersonation Protection, Attack Surface Mapping, Observable Enrichment, and Monitoring, we provide security teams with actionable insights to prevent data breaches, phishing, ransomware, and other risks. This guide will help you configure access, integrate with your security stack, and take action to protect your organization.
Core Collection Engine
At the heart of Silent Push is a proprietary scanning and active resolution engine that delivers proactive threat intelligence. It enriches DNS, IPv4, and IPv6 data with risk and reputation scoring to generate IOFA™, enabling early detection of adversary infrastructure. Sourced from diverse feeds, this intelligence offers comprehensive visibility into domains, IPs, and URLs across multiple industries. With over 250 API endpoints, Silent Push integrates seamlessly with your existing security stack, enabling you to build bespoke threat intelligence tailored to your needs.
Key solutions include:
Threat Intelligence Management: Centralizes feed ingestion, reputation scoring, and enrichment in a unified console, allowing you to combat attacker infrastructure and export data to internal tools.
Brand Impersonation: Proactively scans for malicious domains mimicking your brand, using anti-impersonation queries to detect certificate exploitation, typosquats, and content spoofing.
Attack Surface Mapping: Identifies vulnerabilities like entry points, DNS issues, and shadow IT, helping prioritize security efforts.
Observable Enrichment: Analyzes over 70 attributes (e.g., WHOIS, DNS records, JARM, favicons) for domains, IPs, or URLs to assess risk and origin.
Monitoring: Tracks query changes daily, delivering alerts via email to save time and resources.
Configure Access
Account Management
Create a Community Account: Go to Silent Push, click Community Edition, sign up, and confirm via email (valid for 72 hours). Upgrade via Subscription.
Log In: Use standard sign-in (email/password), enable 2FA (scan QR code), or set up SSO (Enterprise only, contact your Account Manager).
Invite Users: As an Admin, go to Organization > Users, add a user, and send an invitation.
Set Up Notifications: Click the bell icon > gear icon to choose delivery methods (e.g., email, Slack).
Integrate
Silent Push integrates seamlessly with SIEM, SOAR, and threat intelligence platforms like Splunk, Palo Alto XSOAR, and ThreatConnect, enhancing workflows with pre-scored data and IOFA feeds. The Enterprise edition offers higher API call limits and advanced automation for tailored integrations.
Data Export
Access Data Export, download files (e.g., IOFA Exports), and use code snippets (e.g., Python) for integration.
Integrations
Connect SOAR (e.g., Palo Alto XSOAR), SIEM (e.g., Sumo Logic), or TIP (e.g., ThreatQ).
API Functionality
Generate a key in Organization > API Keys and use the Threat Check API for lookups.
Take Action
Use Silent Push’s tools to analyze threats, map vulnerabilities, and monitor risks in real time.
Total View
Enter a domain, IP, or ASN from the main menu, select Total View, and start with Highlights. Use Domain Wide View for subdomains and pivot on blue data points.
Web Data
Web Search: Craft queries (e.g., favicon_murmur3 = 309020573 AND domain != "PayPal.com") via Query Constructor or CLI.
Live Scan: Enter a URL (e.g., suspecturl.com) for real-time data and risk scores.
WHOIS Data
Query WHOIS Search or check WHOIS History for ownership details.
DNS Data
Use DNS Data for lookups, nameserver analysis, and risk scoring.
Attack Surface Mapping
Map your footprint with Digital Footprint for Domain and detect Dangling DNS or Shadow IT.
Brand Impersonation
Run queries for typosquats or favicons, and set up Monitors for alerts.
Monitors
Create a Monitor (e.g., for phishing) and enable email alerts.
Advanced Query Builder
Build queries with regex (e.g., for certificates) and export results.
SPQL
Learn syntax via SPQL Syntax Rules and query data sources with the API or CLI.
Threat Intelligence Management
Use Feed Search with SPQL and view TLP Amber Reports for threat insights.
Next steps
Begin with Web Search for historical trends or Live Scan for real-time checks. This article clearly explains the differences between the two. Contact help@silentpush.com for support, join a webinar, or explore the Community Edition to refine your skills. Start securing your digital footprint today!