"In my experience, today’s security analytics fail to detect advanced, targeted attacks. What is needed is something built from the ground up to detect threats that traverse multiple tactics and entities over long time horizons. PatternEx’s concept of ‘virtual analysts’ does exactly that, and has helped improve our SOC efficiency."

Thomas Whang, Impelix

patternex VAP arch diagram

Product Overview

PatternEx Virtual Analyst Platform software ingests log data from 50+ data sources, computes 1000+ analytics in real-time, and uses 100+ pre-trained AI models to analyze the data.  The result is highly accurate and contextualized alerts mapped to the MITRE ATT&CK framework for complete attack lifecycle visibility.

The software installs in less than 60minutes and can be used by Level 1 analysts for incident response, Level 3 analysts for deeper investigations, and threat hunters for AI enabled threat hunting.  And with a complete API and multi-tenancy, PatternEx Virtual Analyst Platform will seamlessly fit into your SOC data and orchestration workflow.

Request a Demo     Read More

Security Analytics

  • Built-in: 1000+ analytics from a variety of data sources such as application, workload, cloud, network, users/identity, and end-point in real-time
  • Extensible: create custom analytics using SQL and PatternEx library of common cyber security primitives

Request a Demo     Read More

analytics create screen cropped black background
data sources image with white background-1

Data Sources

Your attack surface is broad and is changing. So to ensure complete coverage, PatternEx Virtual Analyst Platform supports all major data categories and ships with over 50+ data sources ready to ingest.   Additionally, threat intelligence data and existing labeled attack data also can be incorporated into the analysis.

 Request a Demo     Read More



PatternEx Virtual Analyst Platform’s AutoCorrelation module:

  • Connects various threat tactics, techniques, and entities together, even over long periods of time and for indirect relationships
  • The Attack Navigator and cluster view enables the analyst to interactively investigate the attack sequence and its impact
  • Reduces time for investigations by 20x

Request a Demo     Read More

ac image in black background zoomed
model create screen black background-1

AI Model and Rule Builder

Analysts can use the Builder to:

  • Create custom outlier (anomaly) detectors from 1000+ prepackaged analytics or custom analytics
  • Create custom rules from 1000+ prepackaged analytics or custom analytics
  • Run models iteratively to hunt for new threats
  • Deploy models on live data to generate reports and/or alerts
  • Perform retrospective analysis to identify missed threats

Request a Demo     Read More

Model Lifecycle Management

PatternEx Virtual Analyst Platform enables the adoption of AI workflows :

  • Generate alerts with AI detection models and embed the findings in analyst workflows
  • Customize the deployment strategy to prioritize the best performing models
  • Learn from alert resolutions to improve detection rates
  • Assess model performance by comparing model findings and alert resolutions

 Request a Demo     Read More

model management lifecycle image white background

PatternEx Sample Use Cases (Mapped to MITRE ATT&CK Phases)

MITRE Phase:
Initial Access

AI model example:
Social engineering domains

This AI model speeds up detection of social engineering domains using 10+ simultaneous analytics. These analytics include, among others, the lexicographic characteristics of the domain name (length, digit ratio, vowel ratio, etc..), the domain age, and its popularity.  The benefit is that the time between detection and remediation will be much shorter than waiting for published blacklists.

MITRE Phase:
Defensive Evasion

AI model example:
TOR connections

This AI model detects TOR connections using bridges, and thus where IP’s are not listed publicly so blacklists will not work. This model looks at log footprints to see where bridges may be used to avoid detection.




MITRE Phase:
Command & Control (C2)

AI model example:
Domain Generation Algorithms (DGA)

This AI model detects DGA’s (used by C2 systems to exfiltrate data and/or receive commands).  We have shown this model to identify DGAs before the corresponding signatures are reported in VirusTotal - reducing the risk of data exfiltration or lateral movement.

MITRE Phase:

AI model example:
Exfiltration via DNS queries

This AI model uses 10+ DNS analytics to identify stealthy data exfiltration strategies. Most enterprises do not monitor DNS in this way, and thus this model fills a vital gap in threat detection.



PatternEx Coverage of MITRE's ATT&CK™ Matrix