3.12.0
Yokohama, Xanadu, Washington DC, Vancouver
Threat Intelligence Security Center (TISC) is a comprehensive platform designed to strengthen an organization's cybersecurity posture by providing advanced threat intelligence capabilities. Built to address the evolving landscape of cyber threats, the platform gives security teams actionable insights to proactively detect, mitigate, and respond to potential security incidents.
The key features of TISC are:
- Curated catalog of popular OSINT Threat feed sources.
- Integration of premium feeds to enhance threat intelligence.
- Capability to automatically identify and extract all observables from the uploaded files.
- Data aggregation from diverse feeds, including STIX, MISP, JSON and more.
- Enrichment capabilities, for the removal of false positives, confidence/scoring of indicators, validation of indicators, and the addition of contextual information.
- Correlation rules for automatically establishing relationships between observables.
- Customizable threat score calculator for nuanced threat assessment.
- Integration of internal intelligence encompassing VR, SIR, Assets, Services, and CMDB.
- User-specific dashboards tailored for Threat Intel personas.
- Graphical visualization tools for comprehending Threat Intel data.
- Dedicated Threat Intel Analyst Workspace for streamlined operations.
- Threat hunting with case management and task functionalities.
- Empowering users to associate MITRE ATT&CK information with case records.
- Seamless integration with SIR and data migration capabilities from Threat Intelligence to Threat Intelligence Security Center.
New:
- Export options for the Threat Intelligence Library:
  - Added support to export observables, indicators, and cases from the list views in STIX 2.1 JSON, CSV, and Excel formats.
- Additional API filter settings for CrowdStrike feed configuration:
  - Added settings to ingest indicators of interest based on associations to threat actors, threat reports, or malware families, including an option to include indicators deleted on CrowdStrike.
- Create security incidents from TISC cases:
  - New UI action to create a security incident directly from a TISC case, with an option to associate observable artifacts to the security incident.
- MITRE Repository mapping enhancements:
  - Ability to extend MITRE Repository data by mapping entities from the Threat Intelligence Library.
- Duplicate feed configurations:
  - New UI action to easily duplicate a Threat Intelligence Feed configuration.
- Feed enhancements:
  - Commented lines in List feeds are now automatically skipped during ingestion.
Changed:
- Renamed Course of Actions to Courses of Action.
- Renamed Inbound Filtering Rules to Inbound Data Exclusion Rules.
Fixed:
- Mismatch between the count of processed source records and the total of aggregated records in the Observable table when large sets of data are ingested.
- RSS feeds fetching data older than the date specified in the Fetch Data From field.
- OutOfMemory error caused by the Refresh Affected CIs, Assets and Services for Vulnerabilities job.
- IPv6 addresses ingested through CrowdStrike were stored as IPv4 addresses.
- The Expiry days field in expiration rules did not accept values greater than 100.
- A few security-related issues.
Dependencies:
- Security Case Management common workspace components
- Threat intelligence support common
- Security support common
- Reporting common
- Seismic Component for ServiceNow (sn_node_map)