ThreatConnect 6.2 introduces Intelligence Anywhere and Playbooks 2.0 for improved ease of use and collaboration. When we think of “collaboration” we usually think about groups of people working together, maybe from different teams, to achieve a common goal. In cybersecurity, that may mean the threat intelligence team provides much-needed context to the SOC, or the SOC team feeds telemetry back to generate new intel. ThreatConnect 6.2 covers that use case, but there’s also so much more to collaboration. Software can work together, too, like when a detection rule is sent to the SIEM, which triggers an alert, which queries some data, which initiates a block action.
ThreatConnect 6.2 gives our customers access to Intelligence Anywhere, allowing anyone on the security team to benefit from rich, contextualized threat intelligence from any web page or SaaS tool. If your SOC needs intel at the moment of an investigation, this is it: next-level collaboration between intel and ops. 6.2 also includes a total revamp of our Playbooks capability, giving you more power and flexibility to get your tools talking to each other: it’s collaboration via automation. Interactive Playbooks allows anyone on the team to get up and running collaborating with another Playbook builder.
Using a platform like ThreatConnect and changing how security works starts by creating a foundation of collaboration between teams and tools, and ThreatConnect 6.2 makes it easier than ever.
Along with numerous improvements and fixes, we’re excited to introduce two new capabilities to ThreatConnect as part of this release: ThreatConnect Intelligence Anywhere and what some may call the next generation of our Playbooks capability – Playbooks 2.0.
Let’s get into each!
Introducing ThreatConnect Intelligence Anywhere
Research and investigation don’t happen in a vacuum. In reality, analysts rely on multiple sources to identify the pieces of the puzzle that make up the complete picture of a particular threat. Common themes we were hearing from individuals we interact with regularly include:
“As an analyst, as I’m doing research and investigation, or just browsing the web, I want to be able to understand additional information about indicators I come across, including if my organization knows about them or if they’re new information.
If they’re new pieces of information, I want it to be easier to get data into my threat library quickly and not require a copy and paste or some sort of other way requiring manual entry.”
With ThreatConnect Intelligence Anywhere, instantaneously scan and identify relevant pieces of information from any web-based resource with a simple click of a button. With the additional context provided by ThreatConnect, quickly understand what you currently know about an Indicator and add it to your threat library to aid in future analysis and investigation efforts.
Users can now scan an online resource for potential Indicators, query ThreatConnect for information about scan results, and import Indicators and Group Indicators directly into ThreatConnect from a supported web browser.
ThreatConnect Intelligence Anywhere can scan various online resources for potential Indicators, including static and dynamic webpages, social media platforms, email messages, and even ThreatConnect itself.
- Instantaneously access the insight of ThreatConnect at their fingertips, directly from the web browser they’re working from – fewer clicks means less frustration and quicker results.
- Immediately leverage the global context from CAL, including classifiers from our analytics, anonymized observations/sightings of IOCs, and trending impressions information.
- Quickly import disparate single indicators or batches of unstructured data along with associated source information into ThreatConnect without disrupting their investigative process – simply tag and import as a group when you’re ready.
- Increase the value of your threat intelligence program by giving more users access at no additional cost and without the burden of learning and regularly accessing a new system.
Whether it’s building a threat library or searching for additional information to help you during your analysis and investigative efforts, we foresee ThreatConnect Intelligence Anywhere becoming our customers’ new best friend! Walk through it with Marika Chauvin, our Threat Intel-focused Strategic Product Manager, in the short video below:
Improving the Automation and Orchestration Game with Playbooks 2.0
The automation and orchestration of security processes greatly benefit organizations of all types and sizes, but clunky usability and difficult management are oftentimes blockers to implementation. Using Playbooks to create these automated workflows across different teams and technologies sometimes falls to a specific individual or two due to the subject matter expertise required for Playbook Building.
Playbooks 2.0 is the result of understanding the intricacies and nuances of the Playbook Building process, removing complexities, and replacing them with enablers to make repeatable and scalable automation a reality.
This release introduces nearly 50 improvements and updates to the Playbook Building and Management process, all with the following goals:
- Revamped look and feel increases usability and decreases frustrations
- Improved management capabilities for better collaboration, visibility, and control
- Increased confidence in the Playbook Build with more granular testing and improved troubleshooting
- Easy-to-use mechanism for documentation and collaboration with interactive note-taking capabilities
With Playbooks 2.0, we are changing what’s been deemed acceptable and giving users the ability to feel more comfortable and confident during Playbook development – eventually increasing usage of automation and orchestration and empowering more individuals across the team to utilize Playbooks. Among those nearly 50 new capabilities, some of the improvements users will experience include:
- Ability to collaborate more easily across teams through notes with Interactive Playbooks and improved Playbook sharing capabilities
- Understand how your Playbook build is going with the ability to run tests at the App level and not at the time of completion – saving users the time and frustration that comes with thinking you’re done with something and having to start over or go back and fix things
- Proactive notification of Playbook failure, giving you confidence that things are running smoothly without having to constantly run status checks
Check these out for more information on these capabilities and Intelligence Anywhere. To learn how ThreatConnect can help your organization, reach out to firstname.lastname@example.org and check out our Threat Intelligence Platform.