We’re constantly working to improve our offerings here at ReliaQuest, and today we’re excited to announce the launch of a new feature in GreyMatter, our Open XDR-based security operations platform. This feature, GreyMatter Intelligent Analysis, uses cutting-edge security automation technology to reduce or eliminate the manual aspects of the investigation lifecycle and process.

Additionally, we’ve made some big improvements to existing features, including better usability for GreyMatter threat intelligence, an improved GreyMatter home page, and new ecosystem integrations.

What’s new in GreyMatter:

    • New feature: Intelligent Analysis
    • Improvements to threat intelligence feeds
    • Digital Shadows (now ReliaQuest) threat insights and IOCs
    • Insight-rich GreyMatter home page
    • Additional ecosystem integrations
    • Microsoft 365 E5 support

For details on all these updates, read on.

New Feature: GreyMatter Intelligent Analysis

Any security operations center struggles with issues like alert fatigue, skills shortage, and keeping up with increasingly sophisticated cyber attacks. Intelligent Analysis is our answer to those problems.

With Intelligent Analysis, you can:

  • Help your team fight alert fatigue
  • Get answers faster
  • Minimize the risk and impact of threats

Fight Alert Fatigue

Alert fatigue is a major problem in any security operations, with security teams receiving hundreds of unprioritized alerts every day. Many turn to security automation to help them cope, but results are often mixed. That’s where our new feature, GreyMatter Intelligent Analysis, comes in. Intelligent Analysis automates this process to investigate and respond to these alerts, empowering security operations teams to focus on identifying and mitigating true threats to the organization.

With GreyMatter Intelligent Analysis, your team will get a single integrated and transparent view of your security environment, eliminating “swivel-chair” security. GreyMatter Intelligent Analysis automates the investigation process and lifecycle by collecting all related artifacts and data across multiple platforms (SIEM, EDR, multi-cloud, etc.), and providing recommended actions. This allows security teams to spend less time on “low-brain, high-time” activities and more time focused on addressing the threats that matter.

Get Answers Faster

Just about every industry is suffering from a skills shortage, and cybersecurity is no exception. Unfortunately, the gap is only growing, further stressing an already exhausted workforce. The average security team has 40+ tools and deals with hundreds, even thousands of alerts every day. Because GreyMatter Intelligent Analysis automates the investigation process, security analysts can quickly understand the who, what, when, where, why, and how behind an alert. GreyMatter Intelligent Analysis helps organizations make decisions on how to mitigate threats by delivering answers and recommendations about how to respond to alerts in 20 minutes or less.

Because GreyMatter Intelligent Analysis reduces the manual effort needed from your teams to investigate and respond to alerts, they’ll be able to focus on the true threats to your business, its employees, and its assets.

Minimize the Risk and Impact of Threats

One of the most difficult challenges in the cybersecurity industry is keeping up with the bad guys. The stereotypical lone-wolf hacker is no longer reality. Today, cyber-hacking is a multi-billion-dollar business enterprise, complete with institutional hierarchies and R&D budgets. They are constantly developing new ways to exploit vulnerabilities and attack systems. And they’re only going to get faster – orchestrating every phase of their attacks in a matter of hours. Organizations will need to find ways to both identify and respond to these sophisticated attacks in minutes.

Intelligent Analysis can help mitigate increasingly sophisticated attacks by quickly identifying and providing context around them. Intelligent Analysis automates across the alert investigation process and lifecycle to deliver answers to alerts in 20 minutes or less.

GreyMatter provides playbooks that support automated threat detection, investigation, and response. Intelligent Analysis automatically collects and aggregates investigation-related data and artifacts, providing security teams with recommended actions to mitigate the alert.

On top of all that, customers will have access to our global team of security analysts and engineers with proven expertise.

Other GreyMatter Improvements

Threat Intel Feeds

  • Customization: Control the delivery of your threat intel feeds. Easily add, remove, or update any GreyMatter-supported feeds. Users can also request to have their own commercially available threat feed subscriptions “bring your own keys” integrated into their custom list of available threat feeds.
  • Improvements to search: Get results faster with new autocomplete and predictive searching.
  • Clearer data insights: Effectively analyze search results with more filtering and widget options. Plus, get relevant, timely data from Digital Shadows (now ReliaQuest) IOCs.
  • Weekly intelligence updates: Stay up to date on the latest security threats and trends with intel updates powered by our Digital Shadows (now ReliaQuest) team.
  • Enhanced emerging threat coverage research: Research from our Digital Shadows (now ReliaQuest) in-house team of analysts gives ReliaQuest customers real-time updates on breaking intelligence news and threats.

GreyMatter Home Page

  • Security summaries: Get a quick overview of active alerts directly on the home page.
  • Links to what’s in progress: See at a glance which threat hunting campaigns are active, all deployed detection rules, and all GreyMatter integrated log sources, plus quick links to access.
  • Performance visibility: See right on the home page how your tools and teams are performing and how your security posture measures up.

Microsoft 365 E5 Support

GreyMatter brings together telemetry from Microsoft 365 E5 and non-Microsoft security solutions to deliver singular visibility across the entire enterprise ecosystem.

Additional Integrations

New integrations include:

  • Microsoft Graph
  • Microsoft Azure Active Directory
  • Sumo Logic

Recertified integrations include:

  • Carbon Black Threat Hunter
  • Mimecast
  • Palo Alto Wildfire
  • SentinelOne


We hope these new features can help your teams make security possible for your organization. As always, please reach out with questions. Current customers can direct questions to or learn more about this feature from their success managers.