Monte Copilot supported tools
Monte Copilot comes equipped with specific tools to help answer the questions you ask in real time. The tools collect information across different security resources so that each answer is as accurate as possible.
Ask Monte Copilot questions about IP addresses, URLs, domains, file hashes, and processes and commands, with or without arguments and either encoded or in plain text.
For example, you can ask whether or not a specific IP address is suspicious, ask for an explanation of a particular PowerShell command, or ask Monte Copilot to write a specific command for you.
Current tools
Current tools used by Monte Copilot, in alphabetical order:
AnvilogicAllowlistProcessRegexGenerator
Generates regex patterns for allowlisting benign processes to reduce alert volume.
Base64Decoder
Used to decode Base64-encoded strings.
CommandAnalyzer
Explains the details of full operating system command calls and analyzes malicious activity.
Deobfuscator
A custom, powerful, open-ended deobfuscator that can decode arbitrary inputs, from Base64 to hex to binary and more. This tool can even unravel nested combinations of obfuscation used by bad actors.
DomainReputation
Checks the reputation and popularity of a domain based on the Cisco Umbrella Popularity List.
Entity Analyzer
IoC
Checks whether a URL or IP address is listed as an Indicator of Compromise (IoC) against multiple sources, including:
PhishTank
Feodo Tracker
VirusTotal
Phishstats
TOR Exit Nodes
FireHOL
URLHaus
IPInfo
Provides information about IP addresses, including geolocation, autonomous system information, and more.
LOLBAS
Provides insights regarding binaries, scripts, and libraries that are part of the Windows OS.
QnA
Offers details on a specific question, topic, or keyword. Utilizes:
Google search APIs (SerpAPI)
Anvilogic Forge Threat Reports
Anvilogic Armory Content
Threat Identifiers
Threat Scenarios
You can ask questions about Threat Actors, Vulnerabilities, Exploits, TTPs and more.
Shodan
Offers insights into listening services and ports associated with a given IP address.
Threat Identifier Alert Analyzer
Virustotal
Analyzes URLs, domains, IP addresses, and files for threats such as viruses, worms, and trojans.
Whois
Retrieves and parses WHOIS data about a URL.
WindowsCommands
Provides information regarding Windows OS commands.