3.14.0
Zurich, Yokohama, Xanadu, Washington DC, Vancouver
Threat Intelligence Security Center (TISC) is a platform designed to strengthen an organization's cybersecurity posture by adding advanced threat intelligence capabilities to the ServiceNow instance. Built to address the evolving landscape of cyber threats, TISC gives security teams actionable insights to proactively detect, mitigate and respond to potential security incidents.
- Curated catalog of popular OSINT threat feed sources.
- Integration of premium feeds to enhance threat intelligence.
- Automatic identification and extraction of observables from uploaded files.
- Granular expiration policies.
- Aggregation of data from diverse feed formats, including STIX, MISP and JSON.
- Enrichment capabilities for removing false positives, scoring the confidence of indicators, validating indicators and adding contextual information.
- Correlation rules that automatically establish relationships between observables.
- Customizable threat score calculator for nuanced threat assessment.
- Integration of internal intelligence from Vulnerability Response (VR), Security Incident Response (SIR), Assets, Services and the CMDB.
- User-specific dashboards tailored to Threat Intel personas.
- Graphical visualization tools for understanding Threat Intel data.
- Dedicated Threat Intel Analyst Workspace for streamlined operations.
- Threat hunting with case/task management and an interactive investigation canvas.
- Automated MITRE ATT&CK technique extraction and rollup.
- Integration with SIR, including migration of Threat Intelligence data held in SIR to the Threat Intelligence Security Center.
- Notification rules that trigger alerts based on threat intelligence.
- Data retention and cleanup policies.
- Status reports and investigation summaries generated and shared from Case reports, using the rich text editor and customizable report templates.
- Domain separation support for MSSP use cases.
- Integration with security tools via the TISC API.
- Point integrations with security tools and sample flows for automated actions.
- Webhook support for real-time, trigger-based notifications.
- Data migration utility for moving the SIR Threat Intelligence module's data to TISC.
New:
- Import Intelligence: Introduced functionality to import observables into the Allowlist or Denylist directly from the Import Intelligence module.
- CrowdStrike Feed: Enabled mapping of CrowdStrike qualitative confidence levels to TISC quantitative confidence within the advanced settings of the CrowdStrike feed.
- Feed Enhancements: Added support for custom field mapping in feed configurations, applicable to TEXT, CSV, and JSON formats.
- MITRE Extraction: Expanded MITRE technique and tactic extraction rules to facilitate extraction from Observable Enrichment results.
- SIR Workspace Integration: Provided options to include confidence levels, tags, and notes when transferring observables from the SIR workspace to TISC.
- Investigation Canvas Upgrade:
  - Enhanced the Investigation Canvas with a redesigned layout to improve graphical visualization and promote more intuitive node distribution.
  - Incorporated features for creating new nodes, grouping or ungrouping nodes, and clearing the entire canvas.
  - Introduced an option to create and link a new case directly from the canvas.
  - Implemented a capability to retrieve all associated records simultaneously via the Fetch Related Records action on a node.
  - Added a Legend to help users identify the various node and edge types, enhancing graph interpretation.
  - Updated the MITRE ATT&CK card to allow creation of saved filters for TTPs of specific adversaries and other technique attributes. Selected nodes now appear as pills on the MITRE card for improved contextual awareness.
- MITRE ATT&CK Enhancements: Enabled assignment of priorities and tags to MITRE techniques.
- Threat Intelligence Security Center for Splunk: Modified the GET Observable API to allow configuration of additional observable attributes for inclusion in Splunk KV Lookup.
- Default TLP setting: Added a system property to configure the default Traffic Light Protocol (TLP) setting for new records in TISC.
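Three of the items above (custom field mapping for TEXT, CSV and JSON feeds; mapping qualitative confidence levels such as CrowdStrike's to a numeric score; a default TLP for records that carry none) describe the same normalisation step that any feed ingestion pipeline performs. The following is an added illustration of that step, not TISC's own code: the field-mapping dictionaries, the `CONFIDENCE_MAP` values, the `DEFAULT_TLP` value and all three sample feeds are constructed assumptions, and the product's actual mapping is configured in the feed's advanced settings rather than hard-coded as here.

```python
"""Toy feed normaliser: per-feed field mapping for CSV and JSON, regex observable
extraction for free text, qualitative-to-numeric confidence, and a default TLP.
Illustration only; sample feeds and mapping values are constructed, not TISC's."""
import csv
import io
import json
import re

# Assumed qualitative -> quantitative confidence mapping (a product would make
# this configurable per feed; the values here are arbitrary).
CONFIDENCE_MAP = {"low": 30, "medium": 60, "high": 90}
# Stands in for a "default TLP" setting applied to records that carry no TLP.
DEFAULT_TLP = "TLP:AMBER"

# Observable patterns for free-text feeds; defanged forms ("[.]", "hxxp") are accepted.
# Order matters: hashes before IPs/domains so a long hex run is not re-matched.
PATTERNS = [
    ("sha256", re.compile(r"\b[a-f0-9]{64}\b", re.I)),
    ("md5", re.compile(r"\b[a-f0-9]{32}\b", re.I)),
    ("ip", re.compile(r"\b(?:\d{1,3}(?:\.|\[\.\])){3}\d{1,3}\b")),
    ("domain", re.compile(r"\b(?:[a-z0-9-]+(?:\.|\[\.\]))+[a-z]{2,}\b", re.I)),
]


def refang(value):
    """Turn a defanged indicator back into its usable form."""
    return value.replace("[.]", ".").replace("hxxp", "http")


def normalize_confidence(raw):
    """Map qualitative or numeric confidence to an int in 0..100; None if absent.
    Unknown labels raise rather than silently becoming a score."""
    if raw is None or str(raw).strip() == "":
        return None
    text = str(raw).strip().lower()
    if text in CONFIDENCE_MAP:
        return CONFIDENCE_MAP[text]
    if text.isdigit():
        return max(0, min(100, int(text)))
    raise ValueError(f"unrecognised confidence value: {raw!r}")


def normalize(value, ioc_type, confidence=None, tlp=None):
    """Build one normalised record; a missing or blank TLP falls back to DEFAULT_TLP."""
    tlp = (tlp or "").strip().upper() or DEFAULT_TLP
    return {
        "value": refang(value.strip()),
        "type": ioc_type.strip().lower(),
        "confidence": normalize_confidence(confidence),
        "tlp": tlp,
    }


def pick(row, mapping, field):
    """Read the source column/key that `mapping` assigns to a normalised field."""
    column = mapping.get(field)
    return row.get(column) if column else None


def ingest_csv(text, mapping):
    """mapping: normalised field name -> CSV column header."""
    return [normalize(pick(r, mapping, "value"), pick(r, mapping, "type"),
                      pick(r, mapping, "confidence"), pick(r, mapping, "tlp"))
            for r in csv.DictReader(io.StringIO(text))]


def ingest_json(text, mapping, root=None):
    """mapping: normalised field name -> JSON key; `root` names the list of items."""
    data = json.loads(text)
    items = data[root] if root else data
    return [normalize(pick(i, mapping, "value"), pick(i, mapping, "type"),
                      pick(i, mapping, "confidence"), pick(i, mapping, "tlp"))
            for i in items]


def ingest_text(text, confidence=None):
    """Extract observables from free text; type is inferred from the matching pattern."""
    seen, records = set(), []
    for ioc_type, pattern in PATTERNS:
        for match in pattern.findall(text):
            value = refang(match)
            if value not in seen:
                seen.add(value)
                records.append(normalize(value, ioc_type, confidence))
    return records


# Constructed sample feeds (documentation/test addresses and hashes only).
SAMPLE_CSV = """indicator,ioc_type,conf,tlp
198.51.100.23,ip,High,TLP:RED
evil[.]example[.]com,domain,medium,
"""
CSV_MAPPING = {"value": "indicator", "type": "ioc_type", "confidence": "conf", "tlp": "tlp"}

SAMPLE_JSON = json.dumps({"indicators": [
    {"ioc": "hxxp://bad[.]example[.]net/x", "kind": "url", "score": 75},
    {"ioc": "d41d8cd98f00b204e9800998ecf8427e", "kind": "md5", "score": "low", "tlp": "tlp:green"},
]})
JSON_MAPPING = {"value": "ioc", "type": "kind", "confidence": "score", "tlp": "tlp"}

SAMPLE_TEXT = ("Beacon to 203.0.113.7 and c2[.]example[.]org; dropper sha256 "
               "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855")

if __name__ == "__main__":
    for rec in ingest_csv(SAMPLE_CSV, CSV_MAPPING) + ingest_json(SAMPLE_JSON, JSON_MAPPING, "indicators") + ingest_text(SAMPLE_TEXT):
        print(rec)
```

Two behaviours are worth copying into a real pipeline: an unrecognised confidence label fails loudly instead of being coerced to a score, and the default TLP is applied at normalisation time so downstream sharing rules never see a record with an empty marking.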
Fixed:
- Resolved an issue causing the CrowdStrike integration to enter an infinite loop.
Dependencies:
- Security Case Management common workspace components
- Threat intelligence support common
- Security support common
- Reporting common
- Seismic Component for ServiceNow (sn_node_map)