0
4.3.0
Australia, Zurich, Yokohama, Xanadu
Standalone Application
Threat Intelligence Security Center (TISC) is a comprehensive platform designed to bolster organization's cybersecurity posture by providing advanced threat intelligence capabilities. Built to address the evolving landscape of cyber threats, the TIP empowers security teams with actionable insights to proactively detect, mitigate, and respond to potential security incidents.
- Curated catalog of popular OSINT Threat feed sources.
- Integration of premium feeds to enhance threat intelligence.
- Capability to automatically identify and extract all observables from the uploaded files.
- Granular expiration policies
- Data aggregation from diverse feeds, including STIX, MISP, JSON and more.
- Enrichment capabilities, for the removal of false positives, confidence/scoring of indicators, validation of indicators, and the addition of contextual information.
- Correlation rules for automatically establishing relationships between observables.
- Customizable threat score calculator for nuanced threat assessment.
- Integration of internal intelligence encompassing VR, SIR, Assets, Services, and CMDB.
- User-specific dashboards tailored for Threat Intel personas.
- Graphical visualization tools for comprehending Threat Intel data.
- Dedicated Threat Intel Analyst Workspace for streamlined operations.
- Threat hunting with case/task management functionalities and interactive investigation canvas
- Automated MITRE ATT&CK Technique extraction and rollup.
- Enable seamless integration with SIR and facilitate smooth data migration from Threat Intelligence within SIR to the Threat Intelligence Security Center.
- Establish notification rules to trigger alerts based on threat intelligence.
- Define data retention and cleanup policies.
- Generate and share status reports and investigation summaries using Case reports' rich text editor experience and customizable report templates.
- Domain separation support for MSSP use cases.
- Integrate with security tools using TISC API.
- Point integrations with security tools and sample flows for automated actions
- Webhook support for real-time, trigger-based notifications
- Data migration utility for migration from SIR Threat Intelligence module to TISC
New:
- Automatically generate zero-day vulnerability records from flagged RSS feeds, extracting and correlating CPE, CWE, and CVE details. For more information, see KB2935172.
- Create security incident records directly from detected vulnerabilities for faster incident response.
- Initiate vulnerability assessments from detected vulnerabilities for faster risk evaluation.
- Access threat intelligence from the Google Project Zero RSS feed, now included in the feed catalog.
- MISP and STIX parsers now extract CVE IDs from vulnerability names during ingestion, and automatically populate the CVE ID field.
- Vulnerability records are automatically correlated with related CVEs found in related records or enrichment data.
- Vulnerabilities and related intelligence now appear in the TISC Context tab of Security Incidents, providing analysts direct access to risk data during investigations.
- A sample workflow and flow actions automate the initiation of vulnerability assessments.
Fixed:
- An issue where tags could not be selected in the UI form when their values did not appear in the top dropdown results.
- An issue where objects imported within a case were not added as artifacts to that case.
- An issue where intelligence reports could not be renamed using the Edit option when the report was opened in a separate tab.
- To enhance performance, the four correlation rules that generate potential relationships from observables are disabled by default.
Dependencies:
- Security Case Management common workspace components
- Threat intelligence support common
- Security support common
- Reporting common
- Seismic Component for ServiceNow(sn_node_map)