
What's New in June – IntSights

By admin on 16 June 2020 • Tags: #ai #alert #algorithm #antipation #cybersecurity #darkweb #governance #ia #mitre #prevention #siem #sso #threatintelligence

THREAT COMMAND

MITRE ATT&CK Tagging (Beta)

The ETP Suite provides a new perspective on a potential attack risk with a new MITRE Framework tag.

Once enabled, specific alerts are tagged with a corresponding MITRE ATT&CK tag to indicate that a known adversary technique is potentially involved with the alert.

Support for SSO with Generic Apps

In situations where your SSO provider does not have a formal IntSights ETP Suite app (e.g. Okta or Ping), you can configure SAML SSO authentication independently, using a custom/local application defined within your SSO provider platform.

WHOIS Update Condition (Phishing Policy)

Automation policies can now be conditioned on the last observed update time of a specific domain's WHOIS record, so that a policy is triggered only when that timestamp meets the condition.
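As an added illustration of the kind of condition described above (example code, not IntSights' own implementation): a small policy check that parses the "Updated Date" field from a raw WHOIS record and fires only when the domain's WHOIS was changed within a configurable window. The WHOIS text, the reference time and the 30-day default are all constructed for the example.

```python
"""Evaluate a WHOIS "last updated" condition for a phishing-policy automation.

Added example, not IntSights code. Parses the "Updated Date" field from a raw
WHOIS record and decides whether the domain was updated within a configurable
window. The WHOIS excerpt and the reference time are constructed.
"""
import re
from datetime import datetime, timedelta, timezone
from typing import Optional

# Constructed WHOIS excerpt in the "Field: value" layout common to registrar responses.
SAMPLE_WHOIS = """\
Domain Name: EXAMPLE-LOGIN-PORTAL.TEST
Registrar: Example Registrar, Inc.
Updated Date: 2020-06-12T09:30:00Z
Creation Date: 2020-06-11T08:00:00Z
Registry Expiry Date: 2021-06-11T08:00:00Z
"""

# Constructed reference "now" so the evaluation is deterministic.
REFERENCE_NOW = datetime(2020, 6, 16, tzinfo=timezone.utc)

_UPDATED_RE = re.compile(r"^\s*Updated Date:\s*(\S+)", re.IGNORECASE | re.MULTILINE)


def parse_updated_date(whois_text: str) -> Optional[datetime]:
    """Return the WHOIS 'Updated Date' as an aware UTC datetime, or None if absent/invalid."""
    m = _UPDATED_RE.search(whois_text)
    if not m:
        return None
    raw = m.group(1).replace("Z", "+00:00")  # fromisoformat does not accept a bare 'Z'
    try:
        dt = datetime.fromisoformat(raw)
    except ValueError:
        return None
    # Treat naive timestamps as UTC so the age comparison is well defined.
    return dt if dt.tzinfo else dt.replace(tzinfo=timezone.utc)


def whois_recently_updated(whois_text: str, now: datetime, max_age_days: int = 30) -> bool:
    """Policy condition: True when the WHOIS record changed within max_age_days of `now`.

    A missing, unparsable or future-dated timestamp does not match, so the
    policy fails closed (no automatic action) instead of firing on bad data.
    """
    updated = parse_updated_date(whois_text)
    if updated is None:
        return False
    age = now - updated
    return timedelta(0) <= age <= timedelta(days=max_age_days)


def evaluate_phishing_policy(whois_text: str, now: datetime) -> dict:
    """Combine the WHOIS condition with the action the policy would take (hypothetical action names)."""
    match = whois_recently_updated(whois_text, now)
    return {"whois_recently_updated": match, "action": "open_alert" if match else "none"}


if __name__ == "__main__":
    print(evaluate_phishing_policy(SAMPLE_WHOIS, REFERENCE_NOW))
```

The window is the tunable part: a short window (days) catches domains whose registration details were just changed, which is the signal a phishing policy usually cares about, while a long window mostly adds noise.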

IntSights Query Language (IQL) Enhancements

When hovering over suggested keywords, an interactive tooltip provides additional explanation for each keyword.

The AND/OR logical operators are now actively highlighted, so you can easily distinguish them from the rest of the query syntax.

Threat Intelligence Platform (TIP)

Investigation Map Enhancements  

The newly designed, color-coded Investigation Map lets you easily view and distinguish IOCs and other malicious content.

Easily ungroup single or multiple entities without the need to individually investigate each entity.

Added Public Feeds

The following public feeds are available as intelligence sources of IOCs:

Abuse.Ch provides a list of IP addresses associated with malicious SSL connections.

GreenSnow Blocklist provides a list of IP addresses involved in brute-force attacks and related activity, such as port scanning, FTP, POP3, mod_security, IMAP, SMTP, SSH and cPanel.

VX Vault provides IP addresses hosting malware.

Joe Wien domain blocklist provides a list of domains focused on spam and online fraud. 

Snort IP blacklist provides a list of IP addresses maintained by Snort Labs, the open source IDS/IPS project.

Email Addresses Added as Exceptions

Email addresses can be added to the exception list. If an email address is reported as an IOC, the report is automatically discarded. 
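To show how the two behaviours above fit together, the public feeds listed as IOC sources and the email exception list that discards reports, here is an added example (not IntSights code) of a minimal feed ingester: it reads plain one-indicator-per-line blocklists, classifies each entry as an IP, domain or email address, deduplicates across feeds, and sets aside any email address on the exception list so the discard is auditable. The feed contents, feed names and exception list are all constructed for the example.

```python
"""Ingest simple text blocklist feeds into IOC records, applying an email exception list.

Added example, not IntSights code. Models two behaviours from the release notes:
public feeds as IOC sources, and email addresses on an exception list being
discarded when reported as IOCs. Feed bodies and the exception list are constructed.
"""
import ipaddress
import re
from typing import Dict, List, Set, Tuple

# Constructed feed samples in the "one indicator per line" style used by many
# public blocklists; lines beginning with '#' are comments.
FEEDS: Dict[str, str] = {
    "example-ip-blocklist": """\
# Example IP blocklist (constructed)
203.0.113.10
198.51.100.7
203.0.113.10
not-an-indicator
""",
    "example-domain-blocklist": """\
# Example domain blocklist (constructed)
phish-login.example
reporter@example.org
""",
}

# Constructed exception list: addresses that must never be treated as IOCs.
EMAIL_EXCEPTIONS: Set[str] = {"reporter@example.org"}

_DOMAIN_RE = re.compile(r"^(?=.{1,253}$)(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,}$")
_EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[a-z]{2,}$")


def classify(value: str) -> str:
    """Return 'ip', 'email', 'domain' or 'unknown' for one normalized feed line."""
    try:
        ipaddress.ip_address(value)
        return "ip"
    except ValueError:
        pass
    if _EMAIL_RE.match(value):  # checked before domains: an email also contains a domain
        return "email"
    if _DOMAIN_RE.match(value):
        return "domain"
    return "unknown"


def ingest_feeds(feeds: Dict[str, str], email_exceptions: Set[str]) -> Tuple[List[dict], List[dict]]:
    """Parse feeds into (accepted IOCs, discarded reports).

    Accepted IOCs are deduplicated by (type, value) and carry every feed that
    reported them. Reports for excepted email addresses and unparsable lines are
    returned separately with a reason, rather than being dropped silently.
    """
    exceptions = {e.strip().lower() for e in email_exceptions}
    accepted: Dict[Tuple[str, str], dict] = {}
    discarded: List[dict] = []
    for source, body in feeds.items():
        for line in body.splitlines():
            value = line.strip().lower()  # case-insensitive matching for domains and emails
            if not value or value.startswith("#"):
                continue
            kind = classify(value)
            if kind == "unknown":
                discarded.append({"source": source, "value": value, "reason": "unparsable"})
                continue
            if kind == "email" and value in exceptions:
                discarded.append({"source": source, "value": value, "reason": "exception_list"})
                continue
            rec = accepted.setdefault((kind, value), {"type": kind, "value": value, "sources": []})
            if source not in rec["sources"]:
                rec["sources"].append(source)
    return list(accepted.values()), discarded


if __name__ == "__main__":
    iocs, dropped = ingest_feeds(FEEDS, EMAIL_EXCEPTIONS)
    for ioc in iocs:
        print("IOC", ioc)
    for d in dropped:
        print("DISCARDED", d)
```

Keeping the discarded reports alongside the accepted IOCs matters operationally: an exception list that silently swallows entries is hard to audit, whereas a reason-tagged discard log makes it easy to confirm that only the intended addresses are being suppressed.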

View Source ID of Documents in the Source Page 

The ETP Suite assigns a unique ID to documents that were uploaded for IOC extraction. This enables easier use of these documents via the API. 
