Correlens

Use case · Supply-chain risk

A supplier breach, resolved to the parts it puts at risk.

When a dark-web actor advertised data allegedly stolen from a large connected-engineering partner, the useful question was never “is this real?” alone. It was “which of our components, ECUs and programs does this supplier touch?” This is how that question gets answered.

1 · The signal arrivesAn actor advertises ~35 GB allegedly stolen from Accenture on a dark-web forum, claiming source code, cloud tokens and credentials. Accenture publicly confirmed an incident; the claimed volume was never verified.
2 · Scored, not amplifiedThe AI weighs the claim against the actor’s track record. This actor has a documented history of inflating scope, so the signal lands as medium confidence: reported, not escalated as fact.
3 · Correlated to your graphThe supplier is already in your register, linked to the components it ships you. The platform resolves the breach to the exact shared components, the ECUs they sit on, and the programs at risk, ranked.
4 · A person decidesAn analyst confirms relevance, re-scores for the real vehicle context, and the decision plus its reasoning is recorded. The audit trail writes itself.

The outcome

Decision trail

A vague dark-web boast became a short, ranked list of components and programs with an owner and a recorded decision, in minutes instead of a scramble. The same trail is the evidence an assessor later asks for.

Decision trailsample data
09:41Signal ingested and deduplicated across sourcesSIG-4471
09:41Confidence scored against actor history0.62 · MEDIUM
09:43Resolved to shared components and programs3 COMPONENTS
10:02Analyst confirmed relevance, re-scored for contextANALYST K.M.
10:05Exported as STIX 2.1 to the (V)SOCSTIX 2.1
Every step above is a record: who, when, what changed, and why.

See this run against your own suppliers.

Book a demo