So your SOC operation uses threat intelligence on a daily basis, your organization has established a cyber threat intelligence practice and you have a TIP to support your analysts’ work. That’s a great start.
But you may be processing multiple feeds and finding that intelligence from vendor A significantly differs from vendor B. Or perhaps your analysts are having a hard time aligning the content from each feed with your own STIX data model?
Don’t worry: This is where source crafting can help.
You know how seriously we take threat intelligence standards. But STIX is very flexible with a lot of room for interpretation. That means that two analysts in the same organization can easily create multiple interpretations of the same data.
In this blog post we show you how we agree on data models at EclecticIQ Fusion Center so our analysts can work with different feeds but with a consistent structure.
Can’t wait for the end of September to find out what’s in EclecticIQ Platform 2.3.0? Well, you don’t have to. Here’s a sneak peek as to what’s planned.
The new features revolve around two themes:
Release 2.3.0 provides enhanced collaboration within EclecticIQ Platform and delegated administrative responsibilities for teams or groups. The enhanced sharing capabilities of workspaces, datasets and graphs ensure that analysts have better control over who can view and collaborate within these features. These features not only improve cooperation among analysts, but also assure the organization that confidentiality is more easily protected at a granular level.
With release 2.3.0, data retention management allows system administrators to automatically purge threat intelligence in accordance with your organizational policies. The automated deletion of threat intelligence makes it simpler to remove irrelevant information and only retain intelligence that you need.
Editing a retention policy entity
The steady stream of new and updated integrations continues. In Q3 there are seven new integrations planned, as well as eight updates to existing ones and an integration app.
The integrations contain a mixture of feeds and enrichers. To give you a flavor of what’s in production, here are a couple of highlights.
Check out our website for an overview of all our integrations. We update the page as we add new integrations to our ever-growing catalog.
The beauty of our Intelligence Bundles is that they provide you with a single curated source of relevant CTI from leading global suppliers. We have five Intelligence Bundles – each centered around a specific intelligence requirement:
It’s difficult to pick out just a couple of things to highlight from EclecticIQ Fusion Center as there is so much we could cover. But – to give you a flavor...
Our analysts are continually looking at ways to enhance their way of working. Most recently, the underlying research process for investigating country and regional intelligence has been improved, which directly benefits customers who receive our Victim-centric bundle. This bundle of structured intelligence provides customers with actionable intelligence associated with data breaches of their organization or targeted against specific regions of interest. These research improvements mean that the intelligence you receive is of even better quality than before.
The foundation which underpins all our structured intelligence is what we call Knowledge Mastery. The improvements that we’ve introduced mean that our core intelligence is now STIX 2.0-aligned and the data is of higher quality, both in its structure and in its relationships, with less noise thanks to a significant reduction in uncategorized data. What’s even better is that any advancements we make here ripple through everything that we do – so all our customers feel the benefit!
Finally, some useful links and videos to improve your understanding of Threat Intelligence and EclecticIQ.
Three months ago, we started the EclecticIQ blog to share intelligence reports from our Fusion Center (such as the Monthly Vulnerability Trends) and to provide insights into complex topics such as how GDPR impacts the work of a threat analyst and the role of a TIP in a SOC.
Don't forget to subscribe to our blog - we'll notify you as soon as new posts appear.