Spectra Analyze vs. Spectra Intelligence
Spectra Analyze and Spectra Intelligence are both ReversingLabs file analysis platforms, but they serve different use cases and deployment models. This page clarifies when to use each product and how they work together.
Spectra Analyze
Spectra Analyze is an on-premises malware analysis platform for security analysts who need to analyze individual files, investigate samples, and manage threat classifications within their own infrastructure.
Deployment: Hardware appliance or OVA virtual machine, deployed within your network. Files never leave your environment.
Primary interface: Web UI for analysts. Also provides a REST API for automation.
Core capabilities:
- Upload and analyze files manually or via API
- View detailed static analysis reports (file structure, extracted indicators, MITRE ATT&CK mapping)
- Dynamic analysis via sandbox integration
- YARA rule management and retroactive scanning
- Sample search across analyzed files
- Classification overrides and goodware management
- Multi-appliance management via Spectra Detect Manager
Best for:
- Security analysts conducting manual investigations
- Organizations with strict data residency requirements
- Incident response and malware triage workflows
- Teams needing full control over retention and classification
Spectra Intelligence
Spectra Intelligence is a cloud-based threat intelligence service providing file reputation, malware analysis, and threat feeds via APIs. It draws on a dataset of billions of analyzed files.
Deployment: Cloud service accessed via API or web portal. Queries use file hashes only — no file upload required for reputation lookups.
Primary interface: REST API for integration into security tools and workflows. Also provides a web portal.
Core capabilities:
- File reputation lookup by hash (MD5, SHA1, SHA256)
- Full static analysis reports via API
- Threat feeds (TAXII 2.1, direct download)
- Malware hunting and bulk hash queries
- Network threat intelligence (domains, IPs, URLs)
- Dynamic analysis integration
Best for:
- Security tools and SIEM/SOAR integrations needing automated file reputation
- High-volume hash lookups across large file inventories
- Threat intelligence teams consuming feeds
- Organizations without on-premises infrastructure
- Developers building security applications
Comparison
| | Spectra Analyze | Spectra Intelligence |
|---|---|---|
| Deployment | On-premises | Cloud |
| File data location | Your infrastructure | Cloud (hashes only for reputation) |
| Primary interface | Web UI + API | API + web portal |
| Analysis dataset | Your uploaded samples | Billions of files (global dataset) |
| File upload | Yes (required for analysis) | Optional (hash lookup available) |
| Threat feeds | No | Yes (TAXII, direct) |
| YARA management | Yes | Via API |
| Dynamic analysis | Yes (sandbox integration) | Yes (via API) |
| Multi-product management | Yes (via Spectra Detect Manager) | No |
| Best for | Manual investigation | Automated integration |
Using both together
Spectra Analyze and Spectra Intelligence are designed to complement each other:
- Spectra Analyze can query Spectra Intelligence for additional context on analyzed samples — enriching local results with cloud threat intelligence
- Security teams use Spectra Intelligence for automated triage in high-volume pipelines, then route suspicious samples to Spectra Analyze for deeper investigation
- YARA rules developed in Spectra Analyze can be shared and applied at scale via Spectra Intelligence APIs
Key takeaways
- Use Spectra Analyze when you need an on-premises analyst workbench with full control over file data
- Use Spectra Intelligence when you need cloud-scale file reputation and threat feeds for automated workflows
- Use both for complete coverage: automated triage at scale plus manual investigation for complex cases
Related documentation
- Spectra Analyze documentation
- Spectra Intelligence documentation
- Static vs. Dynamic Analysis — analysis methodology comparison