ThreatConnect expands its threat intelligence analysis workbench

By | 11:58 PM Leave a Comment

To continue to help organizations streamline threat intelligence, operations, and incident response, ThreatConnect announces improved functionality and features to ease security operations process automation and integration.

Improved features and functionality include:

  • Updated Search: With the new Search feature, users are able to find information and intelligence faster. Results now provide clearer and more relevant information, including Observations and False Positive reports. Files and documents are also parsed and the results sorted using ThreatConnect’s proprietary ThreatAssess algorithm, which allows analysts to uncover the malicious indicators.
  • NEW Graph View: From the graph view, users can pivot to find additional relationships and view in-depth information without losing context on their investigation. The Graph View is available in ThreatConnect for every Indicator, Group, and Tag in the Platform. With Graph View, users now have a range of options to understand relationships in-depth and build out their investigations for faster understanding of threats.
  • NEW Notifications Center: The Notifications Center helps analysts stay on top of critical updates to their intelligence. Users have control over what they’re notified about and how often, and have multiple notifications options: an in-app alert, an immediate email, or a digest email. Users can also create custom notifications using ThreatConnect’s API or Playbooks. By expanding the notifications capability, analysts can accomplish monitoring tasks.
  • Indicator Status: Users now have the ability to manage the status of Indicators in the Platform automatically with ThreatConnect’s CAL (Collective Analytics Layer) or set Indicator status manually. With this, analysts can keep a record of benign and/or formerly malicious indicators even if they don’t want the indicators considered for action.

“Our goal is to help Security Operations Centers and threat intel teams run with high efficiency and effectiveness. These new features will help analysts be able to investigate threats faster and more effectively and share the impact of their efforts with their security team and other staff. We will continue to improve the Platform’s capabilities to provide organizations the confidence that they are basing actions and decisions on relevant threat intelligence.”, said Andy Pendergast, ThreatConnect’s Vice President of Product.


from Help Net Security https://ift.tt/2mYhmz4

0 comments:

Post a Comment