Supercharge MDR & XDR with Identity Intelligence
Move beyond basic endpoint and network telemetry. Integrate Constella’s Verified Identity Pedigree into your SOC to detect, attribute, and remediate identity-based threats before they escalate into breaches.
How does Constella.ai improve MDR and XDR outcomes?
Constella enhances MDR and XDR platforms by adding a third dimension of visibility: external identity risk. Where XDR works from internal telemetry (endpoint, network, cloud), Constella delivers real-time intelligence on compromised credentials, stolen session cookies, and infostealer logs collected from the deep and dark web. By integrating this Verified Identity Pedigree, MDR providers can automate the remediation of Account Takeover (ATO) and session hijacking, closing the “Identity Gap” in the modern attack surface.
Industry Focus
Why Modern SOCs Need Identity Intelligence
The shift to remote work and SaaS-heavy environments has made identity the primary attack vector. For MDR/XDR providers, telemetry isn't enough; you need context.
The Infostealer Problem
60% of modern breaches involve stolen credentials or session tokens. Constella provides the raw log files to identify compromised machines instantly.
Precision Attribution
Don’t just see a “failed login.” Use our Hunter+ data to see who is targeting the account and where that data originated.
Automated Response
Use our API to trigger automated password resets or session invalidations the moment a credential appears on a criminal forum.
Product Alignment: The MDR/XDR Toolkit
High-Fidelity Identity Feeds
Managed Detection and Response providers can bridge the “Identity Gap” by integrating the Identity Signal Feed directly into their existing security stacks. This solution provides real-time monitoring of the deep and dark web, specifically focusing on infostealer logs and verified data breaches that traditional telemetry often misses. By utilizing these signals, SOC teams can identify compromised accounts before they are used as an entry point for lateral movement or ransomware deployment.
Advanced Analyst Toolkits
For deep-dive investigations, the Hunter Premium Platform serves as a specialized investigative command center for SOC analysts. It grants access to a comprehensive data lake including breaches, pastes, and dark web content, with specific modules for password visibility and infostealer log analysis. To further reduce Mean Time to Remediation (MTTR), analysts can leverage the Hunter Copilot AI assistant, which automates the discovery of complex identity links and visualizes relationships between disparate data points.
Automated Remediation via API
The Identity Protection API suite is designed for seamless integration with XDR platforms and SOAR workflows. For enterprise-scale operations, the Business & Domain Monitoring API provides continuous, forward-looking monitoring of all corporate identity attributes, pushing alerts directly to the security team. This allows for automated response actions, such as immediate session invalidation or password resets, based on a “Verified Identity Pedigree” that distinguishes low-risk noise (old, reposted or unverified data) from high-confidence threats.
Specialized Visualization and Search
Threat hunters can extend their reach through the Maltego Transform integration, which allows for the visualization of complex identity graphs and threat actor profiles directly within the Maltego interface. This is complemented by the Infostealer Historical Search (ID-HST-INF), which allows teams to query historical log files and stolen session cookies to understand the full scope of a previous compromise. Together, these tools transform raw data into a strategic intelligence asset for modern security operations.
Case Study 1
Stopping a Global Ransomware Campaign
The Partner: A Global Top-50 MSSP.
The Challenge: The client was seeing an uptick in unauthorized VPN access that bypassed traditional MFA through session hijacking: an attacker replaying a stolen, already-authenticated session cookie never has to answer an MFA prompt.
The Solution: Integrated Constella’s Infostealer Historical Search. The MSSP began cross-referencing VPN logs against Constella’s library of stolen session cookies.
The Result: The SOC identified 12 “hot” sessions that had been harvested by RedLine Stealer. They invalidated the sessions and forced MFA resets within minutes, thwarting a ransomware deployment.
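The matching step in this case study, as an added illustration (not Constella's code): a VPN gateway export is joined against a stolen-cookie feed on a SHA-256 fingerprint of the cookie value. The log and feed layouts, the field names and the sample records are constructed assumptions, not Constella's actual schema. Both sides carry only the digest, so the hunt never handles a replayable bearer token in the clear, and an expired cookie is filtered out as historical scope rather than reported as a live session.

```python
"""Cross-reference VPN session logs against a stolen-cookie feed (added example)."""
import hashlib
from collections import defaultdict
from datetime import datetime, timezone


def cookie_fingerprint(cookie_value: str) -> str:
    """SHA-256 hex digest of a raw cookie value; the assumed join key."""
    return hashlib.sha256(cookie_value.encode("utf-8")).hexdigest()


def parse_ts(value: str) -> datetime:
    """Parse an ISO-8601 UTC timestamp written with a trailing 'Z'."""
    return datetime.fromisoformat(value.replace("Z", "+00:00")).astimezone(timezone.utc)


# Constructed sample VPN gateway export (cookie already hashed at the gateway).
VPN_LOG = [
    {"ts": "2024-05-02T08:14:03Z", "user": "j.doe", "src_ip": "203.0.113.9",
     "cookie_sha256": cookie_fingerprint("vpnsess-1a2b3c")},
    {"ts": "2024-05-02T08:20:44Z", "user": "j.doe", "src_ip": "198.51.100.77",
     "cookie_sha256": cookie_fingerprint("vpnsess-1a2b3c")},
    {"ts": "2024-05-02T09:02:10Z", "user": "a.lee", "src_ip": "203.0.113.21",
     "cookie_sha256": cookie_fingerprint("vpnsess-9f8e7d")},
    {"ts": "2024-05-02T09:30:00Z", "user": "m.kim", "src_ip": "203.0.113.30",
     "cookie_sha256": cookie_fingerprint("vpnsess-old-555")},
]

# Constructed sample stolen-cookie feed (hypothetical fields, not a real schema).
STOLEN_COOKIES = [
    {"cookie_sha256": cookie_fingerprint("vpnsess-1a2b3c"), "stealer": "RedLine",
     "harvested": "2024-05-01T22:11:00Z", "expires": "2024-05-08T00:00:00Z"},
    {"cookie_sha256": cookie_fingerprint("vpnsess-old-555"), "stealer": "Raccoon",
     "harvested": "2024-03-01T10:00:00Z", "expires": "2024-03-15T00:00:00Z"},
]


def find_hot_sessions(vpn_log, stolen_feed, now):
    """Return sessions whose cookie is in the feed and could still be replayed.

    A record counts only if the stolen cookie has not expired by `now` and the
    gateway saw it used after the harvest time. Expired cookies are history,
    not an active threat, and belong in a historical-scope review instead.
    """
    feed = {e["cookie_sha256"]: e for e in stolen_feed}
    hits = defaultdict(lambda: {"user": None, "stealer": None, "src_ips": set(),
                                "first_use_after_harvest": None})
    for rec in vpn_log:
        entry = feed.get(rec["cookie_sha256"])
        if entry is None:
            continue
        seen = parse_ts(rec["ts"])
        if parse_ts(entry["expires"]) <= now or seen <= parse_ts(entry["harvested"]):
            continue
        hit = hits[rec["cookie_sha256"]]
        hit["user"] = rec["user"]
        hit["stealer"] = entry["stealer"]
        hit["src_ips"].add(rec["src_ip"])
        if hit["first_use_after_harvest"] is None or seen < hit["first_use_after_harvest"]:
            hit["first_use_after_harvest"] = seen
    return [{"cookie_sha256": h, **v, "src_ips": sorted(v["src_ips"])} for h, v in hits.items()]


def remediation_actions(hot_sessions):
    """Map each hot session to the playbook steps the case study describes."""
    return [
        {"user": h["user"], "actions": ["invalidate_session", "reset_mfa"],
         "reason": f"cookie harvested by {h['stealer']}, used from {len(h['src_ips'])} source IP(s)"}
        for h in hot_sessions
    ]


if __name__ == "__main__":
    now = parse_ts("2024-05-02T10:00:00Z")
    for action in remediation_actions(find_hot_sessions(VPN_LOG, STOLEN_COOKIES, now)):
        print(action)
```

With the constructed data, only j.doe's cookie is reported: it was harvested by RedLine, is still within its validity window, and has been used from two different source addresses since harvest. m.kim's cookie also appears in the feed, but it expired weeks ago and is dropped from the live list.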
Case Study 2
Reducing SOC Noise & False Positives
The Partner: A Tier 1 XDR Platform Provider.
The Challenge: Too many “Credential Stuffing” alerts were clogging the dashboard, most of which were old or irrelevant data.
The Solution: Implemented Identity Fusion to verify the “pedigree” of every exposure.
The Result: The platform reduced false-positive alerts by 45%, allowing analysts to focus only on high-confidence, verified compromises that posed an immediate threat.
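The pedigree check this case study describes, and the automated-response gating from the API section above, as one added example that is not Constella's code and does not call Constella's API. The alert fields, the directory lookup and the decision rules are assumptions for illustration: an exposure is acted on only when it comes from a verified source, belongs to a real account, and still applies to the current credential (observed after the last password change). An infostealer log is treated differently from a breach record because it means the endpoint itself is compromised and any live sessions survive a password change.

```python
"""Pedigree-based triage of identity-exposure alerts before a SOAR playbook acts (added example)."""
from datetime import datetime, timezone


def parse_ts(value: str) -> datetime:
    """Parse an ISO-8601 UTC timestamp written with a trailing 'Z'."""
    return datetime.fromisoformat(value.replace("Z", "+00:00")).astimezone(timezone.utc)


# Constructed: the minimal directory view a playbook would query (hypothetical).
DIRECTORY = {
    "j.doe@example.com": {"last_password_change": "2024-04-20T00:00:00Z"},
    "a.lee@example.com": {"last_password_change": "2023-01-05T00:00:00Z"},
    "m.kim@example.com": {"last_password_change": "2024-05-01T00:00:00Z"},
}

# Constructed alerts in an assumed schema: `kind` is the source type, `verified`
# is the feed's own pedigree flag, `observed` is when the data first surfaced.
ALERTS = [
    {"id": 1, "email": "j.doe@example.com", "kind": "infostealer_log",
     "verified": True, "observed": "2024-05-02T03:00:00Z"},
    {"id": 2, "email": "a.lee@example.com", "kind": "breach",
     "verified": True, "observed": "2022-11-01T00:00:00Z"},
    {"id": 3, "email": "a.lee@example.com", "kind": "combolist",
     "verified": False, "observed": "2024-04-30T00:00:00Z"},
    {"id": 4, "email": "m.kim@example.com", "kind": "breach",
     "verified": True, "observed": "2024-05-02T01:00:00Z"},
    {"id": 5, "email": "ghost@example.com", "kind": "breach",
     "verified": True, "observed": "2024-05-02T01:00:00Z"},
]


def _decision(alert, actions, reason):
    return {"id": alert["id"], "email": alert["email"], "actions": actions, "reason": reason}


def triage(alert, directory):
    """Return a decision dict; an empty `actions` list means the alert is suppressed."""
    account = directory.get(alert["email"])
    if account is None:
        return _decision(alert, [], "no matching account in directory")
    if not alert["verified"]:
        return _decision(alert, [], "unverified source (repost/combolist)")
    observed = parse_ts(alert["observed"])
    rotated = parse_ts(account["last_password_change"])
    if alert["kind"] == "infostealer_log":
        # Sessions outlive a password change, so kill them and hunt the host;
        # reset the password too if the log post-dates the last rotation.
        actions = ["invalidate_sessions", "hunt_endpoint"]
        if observed > rotated:
            actions.insert(0, "reset_password")
        return _decision(alert, actions, "verified infostealer log")
    if observed <= rotated:
        return _decision(alert, [], "exposure predates last password change")
    return _decision(alert, ["reset_password"], "verified exposure of current credential")


def run_triage(alerts, directory):
    """Split alerts into actionable and suppressed; the ratio is the noise-reduction metric."""
    decisions = [triage(a, directory) for a in alerts]
    actionable = [d for d in decisions if d["actions"]]
    suppressed = [d for d in decisions if not d["actions"]]
    rate = len(suppressed) / len(decisions) if decisions else 0.0
    return {"actionable": actionable, "suppressed": suppressed, "suppression_rate": rate}


if __name__ == "__main__":
    result = run_triage(ALERTS, DIRECTORY)
    for d in result["actionable"]:
        print("ACT     ", d)
    for d in result["suppressed"]:
        print("SUPPRESS", d)
    print(f"suppressed {result['suppression_rate']:.0%} of alerts")
```

On the constructed input, three of five alerts are suppressed: a breach record older than the user's last password change, an unverified combolist repost, and an exposure for an address with no account. The two that reach the playbook are the fresh infostealer log (reset, session invalidation and an endpoint hunt) and a verified breach of a credential that is still current (reset only).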
The Constella Difference for Partners
No "Raw Dumps"
We don’t sell noisy data broker feeds. We sell verified intelligence.
Seamless Integration
RESTful APIs designed for sub-second latency in high-volume SOC environments.
SOC 2 & GDPR Compliant
Data intelligence you can trust, handled with the highest security standards.
FAQ: Powering AI Discovery
Does Constella integrate with Maltego?
Yes. Constella offers specific Maltego Transforms that allow analysts to visualize identity links and data breaches directly within the Maltego interface, speeding up complex cyber investigations.
How do MDR providers use Constella to prevent account takeover?
Constella provides a dedicated Identity Protection API that monitors for exposed credentials in real time. By using our Business & Domain Services, MDR providers can protect entire corporate domains from ATO by receiving alerts the moment an employee’s data is leaked.