Introduction to the ins and outs of EclecticIQ Fusion Center Intelligence Essentials
What is the EclecticIQ Fusion Center?
The EclecticIQ Fusion Center actively researches Threat Actors, Intrusion Sets and their associated TTPs (Tactics, Techniques and Procedures) in order to provide a holistic threat picture. All of this is represented as structured (STIX) data and routinely cross-referenced with incoming feeds to identify potentially new and relevant data that grows our understanding of the threat. Examples include new Campaigns from established Intrusion Sets identified in feeds, as well as products from our online monitoring sources (such as Dark web monitoring), which are more targeted at the individual level.
What is Intelligence Essentials?
The Intelligence Essentials theme covers a wide variety of malware, breaches, threat actors, campaigns and much more, all of which are relevant for any organization with an IT environment. It is developed as a foundational package to kick-start your organization’s threat intelligence practice, providing you with an overview of newly appearing threat actors and their methods, major security breaches and important patches.
The EclecticIQ Fusion Center’s best practice is a set of data-tagging and production processes that allow many different users (with different levels of access and maturity) to retrieve the data that is relevant to them. Our veteran threat analysts systematically analyze, enrich, and refine multiple intelligence feeds into a single Intelligence Essentials bundle. This frees your security team from tagging, correlating, or evaluating raw intelligence feeds, saving you time and money.
Instead of machine-generated Indicator of Compromise (IOC) and Indicator of Attack (IOA) data, you’ll have a carefully fused bundle that gives you:
Situational awareness of the key threats to enterprise IT environments
IOCs and IOAs to ensure the detection of those threats
Structured intelligence, containing the story of the who, why, what and where around those threats, to use for response
What to expect?
EclecticIQ Fusion Center Intelligence Essentials gathers, preprocesses, normalizes and analyzes all the data provided by a selection of sources. These include reporting from a select number of commercial sources (such as our partner intelligence suppliers Redsocks and SenseCy), external open source reporting (e.g. news and media) on relevant topics, and reports created by the Fusion Center analyst team, who add their own unique insights.
The analyzed data from all sources is delivered in four different products:
1. Daily Digest
The Daily Digests are written summaries of information processed by our Fusion Center analysts. Every digest item includes a headline, source information, relevant tags and links to relevant sources. The items in the Daily Digest are carefully selected by our Fusion Center analysts to provide you with a quick, easily digestible overview of the most important topics of the last 24 hours.
The Daily Digests are specifically created for executives, analysts and decision makers.
2. Report feed
This is a feed containing selected report items created in the Fusion Center, based on both open sources and our partner intelligence suppliers.
The Report feed is tailored to decision makers and analysts.
3. IOC/IOA Feed
The IOC/IOA feed contains Indicators of Compromise (IOCs) and Indicators of Attack (IOAs) for use in system-to-system deliverables. This feed contains pure IOCs (i.e. Indicator entities only) to facilitate rapid Indicator deployment in several delivery formats. They are high-confidence, high-maliciousness-rating domains for deployment in firewall blocking rulesets, and IP blacklists for IDS alerts. The IOCs and IOAs are delivered over CEF, CSV and STIX.
The IOC/IOA feed is specifically created for SIEM systems such as HPE Security ArcSight ESM.
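To make the "pure IOC" delivery concrete, here is an added example (not EclecticIQ's own code, and not the exact layout of its feed) showing what a consumer on the receiving end typically does with such a feed: parse a STIX 2.1-style bundle of Indicator objects, keep only high-confidence domain and IP indicators, and emit them as CSV rows, CEF events for a SIEM, and plain blocklists for firewall or IDS use. The bundle below is constructed sample data, the `confidence` threshold of 70 and the vendor/product strings in the CEF header are assumptions, and only simple single-comparison STIX patterns are handled; anything else is skipped rather than guessed.

```python
import csv
import io
import json
import re
from typing import Dict, List

# Constructed sample: a STIX 2.1-style bundle with three indicators and one
# unrelated object. Values use reserved/documentation ranges only.
SAMPLE_BUNDLE = json.dumps({
    "type": "bundle",
    "id": "bundle--00000000-0000-4000-8000-000000000001",
    "objects": [
        {"type": "indicator", "id": "indicator--00000000-0000-4000-8000-000000000002",
         "name": "C2 domain (constructed)", "pattern_type": "stix",
         "pattern": "[domain-name:value = 'c2.example.invalid']",
         "confidence": 90, "valid_from": "2024-01-01T00:00:00Z"},
        {"type": "indicator", "id": "indicator--00000000-0000-4000-8000-000000000003",
         "name": "Scanner IP (constructed)", "pattern_type": "stix",
         "pattern": "[ipv4-addr:value = '203.0.113.7']",
         "confidence": 85, "valid_from": "2024-01-02T00:00:00Z"},
        {"type": "indicator", "id": "indicator--00000000-0000-4000-8000-000000000004",
         "name": "Low-confidence domain (constructed)", "pattern_type": "stix",
         "pattern": "[domain-name:value = 'weak.example.invalid']",
         "confidence": 30, "valid_from": "2024-01-03T00:00:00Z"},
        {"type": "malware", "id": "malware--00000000-0000-4000-8000-000000000005",
         "name": "Not an indicator", "is_family": False},
    ],
})

# Single comparison over a domain-name or ipv4-addr observable; compound
# patterns, hashes and URLs are deliberately out of scope for this example.
PATTERN_RE = re.compile(r"^\[(domain-name|ipv4-addr):value\s*=\s*'([^']+)'\]$")
FIELDS = ["type", "value", "confidence", "stix_id", "name"]


def extract_indicators(bundle_json: str, min_confidence: int = 70) -> List[Dict[str, str]]:
    """Return non-revoked indicators at or above min_confidence (assumed threshold)."""
    bundle = json.loads(bundle_json)
    out: List[Dict[str, str]] = []
    for obj in bundle.get("objects", []):
        if obj.get("type") != "indicator" or obj.get("pattern_type", "stix") != "stix":
            continue
        if obj.get("revoked") or int(obj.get("confidence", 0)) < min_confidence:
            continue
        m = PATTERN_RE.match(obj.get("pattern", ""))
        if not m:
            continue  # unsupported pattern shape: skip, never guess
        out.append({"type": m.group(1), "value": m.group(2),
                    "confidence": str(obj["confidence"]),
                    "stix_id": obj["id"], "name": obj.get("name", "")})
    return out


def to_csv(indicators: List[Dict[str, str]]) -> str:
    """CSV delivery: one row per indicator with a header line."""
    buf = io.StringIO()
    writer = csv.DictWriter(buf, fieldnames=FIELDS, lineterminator="\n")
    writer.writeheader()
    writer.writerows(indicators)
    return buf.getvalue()


def _cef_header(s: str) -> str:
    # CEF header fields escape backslash and the pipe separator
    return s.replace("\\", "\\\\").replace("|", "\\|")


def _cef_ext(s: str) -> str:
    # CEF extension values escape backslash, '=' and newlines
    return s.replace("\\", "\\\\").replace("=", "\\=").replace("\n", "\\n")


def to_cef(indicators: List[Dict[str, str]], vendor: str = "ExampleVendor",
           product: str = "ExampleFeed", version: str = "1.0") -> List[str]:
    """CEF delivery: one event per indicator; severity 0-10 derived from confidence."""
    lines = []
    for ind in indicators:
        key = "destinationDnsDomain" if ind["type"] == "domain-name" else "dst"
        severity = min(10, int(ind["confidence"]) // 10)
        header = "|".join(_cef_header(x) for x in
                          (vendor, product, version, ind["stix_id"], ind["name"]))
        ext = f"{key}={_cef_ext(ind['value'])} cs1Label=stixId cs1={_cef_ext(ind['stix_id'])}"
        lines.append(f"CEF:0|{header}|{severity}|{ext}")
    return lines


def to_blocklists(indicators: List[Dict[str, str]]) -> Dict[str, List[str]]:
    """Plain lists for firewall domain rulesets and IDS IP blacklists."""
    domains = sorted({i["value"] for i in indicators if i["type"] == "domain-name"})
    ips = sorted({i["value"] for i in indicators if i["type"] == "ipv4-addr"})
    return {"domains": domains, "ips": ips}


if __name__ == "__main__":
    inds = extract_indicators(SAMPLE_BUNDLE)
    print(to_csv(inds))
    print("\n".join(to_cef(inds)))
    print(to_blocklists(inds))
```

The confidence filter is what turns a raw feed into a deployable blocklist: the low-confidence entry is dropped before it can reach a firewall ruleset, and unsupported pattern shapes are skipped explicitly so that a malformed or compound pattern never silently becomes a block rule.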
4. Structured data feed
This feed delivers the TTPs and actors associated with the IOC feeds to support Intelligence Management. It is set up to incorporate Intrusion Set / TTP summaries into the customer knowledge base. This structured intelligence is delivered over EclecticIQ JSON and STIX.