PolySwarmPolySwarmPolySwarmPolySwarm
Help

Roles in the Marketplace

PolySwarm is a threat intelligence marketplace with Microengines supplying intelligence, Ambassadors brokering access to the intelligence and Arbiters determining ground truth, mediating the marketplace.

How it works (refer to this diagram):

  1. An Ambassador "bounties" a suspect artifact (a file, URL, IP address or domain) on behalf of its customer.
  2. Microengines are alerted to the bounty and decide whether the artifact is within their area of expertise.
  3. If the Microengine feels that it is able to correctly categorize the artifact as malicious or benign, it produces an assertion and places a stake of NCT on that assertion.
  4. The Ambassador considers all the Microengines' assertions and returns a verdict to their customer.
  5. Some time passes.
  6. Arbiters offer ground truth regarding the malintent of the artifact.
  7. Microengines whose assertions match ground truth are rewarded with the escrowed funds of Microengines that disagreed.

For full details, please refer to the PolySwarm whitepaper.


Microengines

Microengines offer threat intelligence in exchange for NCT.

Microengines are developed by individuals or organizations who have a knack for identifying malware. If you have unique insight into a particular malware family, class, file type, etc and want to earn tokens (NCT) along with a reputation for that insight, then you want to develop a Microengine!

What Makes a Microengine

Microengines encapsulate security expertise in an autonomous process that earns Nectar (NCT) rewards for accurately identifying new strands of malware.

Specifically, Microengines:

  1. Listen for bounties on the Ethereum blockchain (via polyswarmd)
  2. Download artifacts (via polyswarmd)
  3. Scan/analyze the artifacts
  4. Determine a Nectar (NCT) staking amount
  5. Deliver an assertion (their verdict + stake) back to the marketplace

Developing a Microengine

Ready to develop your first Microengine and start earning NCT?

Set up a Linux development environment (Recommended) →

Linux-based Microengines are far easier to test and come with more deployment options than Windows-based Microengines. If possible, we highly recommend building Linux-based Microengines.

My scan engine only supports Windows; set up a Windows development environment →


Ambassadors

Ambassadors place bounties (artifacts + NCT) and receive timely crowdsourced threat intelligence in response.

Enterprises seeking to query PolySwarm for threat intelligence may:

  1. purchase a subscription directly from Swarm Technologies
  2. work with a third party that runs an Ambassador on their behalf
  3. act as their own Ambassador

Developing an Ambassador

If your organization requires finer grained control over marketplace interactions or you wish to build value-added services on top of PolySwarm (e.g. as an MSSP), you may want to build an ambassador.

Set up a Linux development environment →

Ambassadors are only supported under Linux.


Arbiters

Arbiters are paid (via marketplace transaction fees) to determine ground truth.

Arbiters marshall the marketplace by way of determining "ground truth". Arbiter serve a critical role: Arbiter-derived ground truth is used to determine which Microengines are correct and thus rewarded. Crucially, Arbiters must expand their internal threat detection capabilities, taking into consideration the assertions of Microengines to push the boundaries of what the PolySwarm marketplace can detect.

Learn more about creating an Arbiter → (coming soon)