Arbitr ThreatOps™:
A New Way To Visualize Cyber Incidents
Arbitr’s Threat Matrix cyber maps based on our GIBSEN visual language help to create time-driven reports from the investigators perspective.
Try the Beta Now!

The Arbitr ThreatOps Platform is a new API-driven solution that automates incident investigations for security alerts and threat hunting. The platform is API-driven to source incident information from the leading security tools and cyber threat intelligence reports. Our platform enables you and your security teams to rapidly assess, investigate, and report cyber incidents efficiently, collaboratively, and driven by data.

Arbitr Threat Matrix is a time-driven map of the actions and behaviors of an adversary’s attack. It automatically sequences an incident from inception to completion across four major domains:
  • Cloud (Hyperscalers/SaaS)
  • Networks (Internal & External)
  • Hosts (Servers/Endpoints, Memory, Registry, Storage)
  • Operational Technology (OT, IoT, PLCs)

Arbitr’s GIBSEN Visual Language is a simple descriptive iconology used to build an intuitive, time-driven representation of the processes, artifacts, and behaviors used in each cyber incident. GIBSEN diagrams are divided into four planes: Cloud, Network, Hosts, and Operation Technology. Each artifact node in a GIBSEN diagram is a database structure that contains the artifact category, the technical details, forensic logs, and analyst commentary. GIBSEN diagrams enable you to easily identify and remediate causal events or patterns to create TTPs to prevent entire families of attacks, not just individual IOCs.

The Arbitr ThreatOps Platform is designed to enable incident reporting on multiple levels. Most incidents that warrant report development will also have various audiences. You will be able to select the level of reporting and technical details included to address the different needs of business, governance, and security operations. We enable you to select the level of reporting required for each audience:
  • Executive level for Boards, Auditors & Insurer
  • Technical level for CIOs, CTO, and CISO
  • SecOps level for detection engineering and training