
ThreatConnect Introduces Version 5.6

More Results, More Analysis, More ROI

Earlier this quarter we announced the release of ThreatConnect version 5.6. It’s centered around making our platform even more effective for user collaboration and analysis. Having what you need exactly when you need it is critical across security operations, but especially when dealing with threat intelligence. So much so, we wanted to focus again on these updates.

With ThreatConnect 5.6, users can:

  • Find what they need sooner with revamped Search functionality
  • Visualize relationships in data via the Graph View
  • Understand how Automation and Orchestration are saving them time and money with our built-in Playbooks ROI Calculator
  • Stay on top of critical updates with the new Notifications Center
  • Manage the status of Indicators in the Platform automatically with ThreatConnect’s CAL™ (Collective Analytics Layer)

Now, let’s dig a bit deeper into each…

New and Improved Search

For us, everything comes down to the experience we provide to our Platform users. Based on your feedback, we’ve made some sweeping changes to how the Search feature works. With the new Search feature, you are able to find relevant data and intelligence faster and reduce the number of dead-end searches. Highlights include:

  • Results now distinguish between exact matches and related matches.
  • Results provide clearer and more relevant information, including Observations and False Positive reports.
  • View details on Indicators and Groups without needing to navigate away from the results.
  • Even if you search for Indicators that aren’t in your instance of ThreatConnect, the results will return any data that CAL™ (Collective Analytics Layer) knows about them, in addition to giving you links to dozens of popular enrichment tools so you can continue your investigation and add them to ThreatConnect.
  • Easily assess the severity of results with ThreatAssess and CAL.
  • Search for multiple Indicators at one time, for example by inputting a log file or alert.
  • With Search History, your most recent searches are now just a click away!
  • Search now supports type-ahead and autofill.

Graph View for Visualizing Relationships

Threat intelligence is a very relational dataset: this host resolves to that IP, this IP was used by that Adversary, this Adversary perpetrated that Campaign. Answers to questions about how this puzzle ties together are best provided visually. To provide those answers, we’re excited to introduce a graph visualization of intelligence in ThreatConnect. From the graph view, users can pivot to find additional relationships and view in-depth information without losing context on their investigation. The Graph View is available in ThreatConnect for every Indicator, Group, and Tag in the Platform. With Graph View, users now have a wide range of options to understand relationships in-depth and build out their investigations for faster understanding of threats.

Playbooks ROI Calculator

One of the challenges that security teams have is measuring value. At ThreatConnect, we understand how difficult it can be to justify the tools you use and the personnel who operate them. Automation and orchestration help with that problem because their results are quantifiable. By tracking how long it takes a human to perform a task and then automating it, you can put metrics like time saved and dollars saved around your Playbooks.

The new Playbooks ROI Calculator lets you quantify the return on investment of your automation and orchestration activities over the past 7, 30, 60, and 90 days. The data is available directly on each Playbook Design page, as well as on ThreatConnect Dashboards.

Notifications Center

The Notifications Center helps analysts stay on top of critical updates to their intelligence. Users have total control over what they’re notified about and how often. You can follow Indicators, Groups, Tags, and more. For each item you follow, you can specify a priority. The Notifications Center gives you granular control over what happens next: an in-app alert, an immediate email, or a digest email. For each type of data, you can choose the types of notifications you want, including custom notifications using ThreatConnect’s API or Playbooks. Now, you won’t miss anything critical, and you won’t be inundated with irrelevance! By broadly expanding the notifications capability, analysts can better accomplish key monitoring tasks.

Automatic Management of Indicator Status

Users now have the ability to manage the status of Indicators in the Platform automatically with ThreatConnect’s CAL™ (Collective Analytics Layer) or set Indicator status manually. With this, analysts can keep a record of benign and/or formerly malicious indicators even if they don’t want the indicators considered for action. How the indicator status was set is also recorded to provide you with context as to why that respective status is what it is.

This indicator’s active status was set by the local instance of ThreatConnect.

This indicator’s active status was set automatically by CAL.

Whew, that was a lot of updates! When it comes to product development, the emphasis on improving the day-to-day quality of work for analysts through usability of the Platform is apparent. The release of 5.6 is a perfect illustration of that.

About the Author

ThreatConnect

By operationalizing threat and cyber risk intelligence, the ThreatConnect Platform changes the security operations battlefield, giving your team the advantage over the attackers. It enables you to maximize the efficacy and value of your threat intelligence and human knowledge, leveraging the native machine intelligence in the ThreatConnect Platform. Your team will maximize their impact, efficiency, and collaboration to become a proactive force in protecting the enterprise. Learn more at www.threatconnect.com.