The Edgewatch Insight API enables security analysts to filter out internet-wide scanning and benign activity from their event logs, providing cleaner, more focused threat intelligence. It offers key endpoints, such as the Quick and Context APIs, to identify and retrieve detailed information about IP addresses, classifying them as “noise” (scanning traffic) or part of SLIGHT (benign business services). This API is particularly useful for reducing alert fatigue in security operations, helping teams prioritize real threats while filtering out irrelevant traffic more effectively.
This information covers untargeted scans, random attacks, and general traffic patterns. Our service focuses on distinguishing real threats by filtering out non-essential noise, which is key to minimizing false positives, identifying compromised systems, and improving understanding of network activity and security events.