0
3.13.0
Yokohama, Xanadu, Washington DC
Threat Intelligence Security Center (TISC) is a comprehensive platform designed to bolster organization's cybersecurity posture by providing advanced threat intelligence capabilities. Built to address the evolving landscape of cyber threats, the TIP empowers security teams with actionable insights to proactively detect, mitigate, and respond to potential security incidents.
Following are the key features for TISC:
- Curated catalog of popular OSINT Threat feed sources.
- Integration of premium feeds to enhance threat intelligence.
- Capability to automatically identify and extract all observables from the uploaded files.
- Data aggregation from diverse feeds, including STIX, MISP, JSON and more.
- Enrichment capabilities, for the removal of false positives, confidence/scoring of indicators, validation of indicators, and the addition of contextual information.
- Correlation rules for automatically establishing relationships between observables.
- Customizable threat score calculator for nuanced threat assessment.
- Integration of internal intelligence encompassing VR, SIR, Assets, Services, and CMDB.
- User-specific dashboards tailored for Threat Intel personas.
- Graphical visualization tools for comprehending Threat Intel data.
- Dedicated Threat Intel Analyst Workspace for streamlined operations.
- Threat hunting with case management and task functionalities.
- Empowering users to associate MITRE ATT&CK information with case records.
- Seamless integration with SIR and data migration capabilities from Threat Intelligence to Threat Intelligence Security Center.
New:
Outbound TAXII Collection Sharing to TISC Instances:
Added support for sharing data through Outbound TAXII Collections to other TISC instances through STIX 2.1.
Support for STIX and MISP Format Sharing (On-Demand & Automated):
Users can now share threat intelligence data in both STIX 2.1 and MISP formats. This supports:
- On-Demand Sharing: Share selected observables or indicators or objects on demand by setting up outbound profiles and templates.
- Automated Sharing: Set up automation flows to distribute threat data to trusted partners or systems.
Receive Intelligence in STIX 2.1 and MISP Formats via Inbound Profiles:
Introduced the ability to receive threat intelligence from external sources by configuring inbound profiles. The system supports both STIX 2.1 and MISP formats, enabling seamless integration and ingestion of threat data into the platform.
Dependencies:
- Security Case Management common workspace components
- Threat intelligence support common
- Security support common
- Reporting common
- Seismic Component for ServiceNow(sn_node_map)