More Results, More Analysis, More ROI
Earlier this quarter we announced the release of ThreatConnect version 5.6. It’s centered around making our platform even more effective for user collaboration and analysis. Having what you need exactly when you need it is critical across security operations, but especially when dealing with threat intelligence. So much so, we wanted to focus again on these updates.
With ThreatConnect 5.6, users can:
- Find what they need sooner with revamped Search functionality
- Visualize relationships in data via the Graph View
- Understand how Automation and Orchestration are saving them time and money with our built-in Playbooks ROI Calculator
- Stay on top of critical updates with the new Notifications Center
- Manage the status of Indicators in the Platform automatically with ThreatConnect’s CAL™ (Collective Analytics Layer)
Now, let’s dig a bit deeper into each…
New and Improved Search
For us, everything comes down to the experience we provide to our Platform users. Based on your feedback, we’ve made some sweeping changes to how the Search feature works. With the new Search feature, you are able to find relevant data and intelligence faster and reduce the number of dead-end searches. Highlights include:
- Results now distinguish between exact matches and related matches.
- Results provide clearer and more relevant information, including Observations and False Positive reports.
- View details on Indicators and Groups without needing to navigate away from the results.
- Even if you search for Indicators that aren’t in your instance of ThreatConnect, the results will return any data that CAL™ (Collective Analytics Layer) knows about them, in addition to giving you links to dozens of popular enrichment tools so you can continue your investigation and add them to ThreatConnect.
- Easily assess the severity of results with ThreatAssess and CAL.
- Search for multiple Indicators at one time, for example by inputting a log file or alert.
- With Search History, your most recent searches are now just a click away!
- Search now supports type-ahead and autofill.
Graph View for Visualizing Relationships
Threat intelligence is a very relational dataset: this host resolves to that IP, this IP was used by that Adversary, this Adversary perpetrated that Campaign. Answers to questions about how this puzzle ties together are best provided visually. To provide those answers, we’re excited to introduce a graph visualization of intelligence in ThreatConnect. From the graph view, users can pivot to find additional relationships and view in-depth information without losing context on their investigation. The Graph View is available in ThreatConnect for every Indicator, Group, and Tag in the Platform. With Graph View, users now have a wide range of options to understand relationships in-depth and build out their investigations for faster understanding of threats.
Playbooks ROI Calculator
One of the challenges that security teams have is measuring value. At ThreatConnect, we understand how difficult it can be to justify the tools you use and the personnel who employ them. Introducing automation and orchestration helps with that problem because their results are so quantifiable. By tracking how long it takes a human to perform a task and then automating it, you are able to put metrics like time saved and dollars saved around your Playbooks.
View time and money saved over the past 7, 30, 60, and 90 days for each Playbook.
The new Playbooks ROI Calculator lets you quantify the return on investment of your automation and orchestration activities over the past 7, 30, 60, and 90 days. The data is available directly on each Playbook Design page, as well as on ThreatConnect Dashboards.
The ROI calculator is only available in TC Manage™ and TC Complete™.
The Notifications Center helps analysts stay on top of critical updates to their intelligence. Users have total control over what they’re notified about and how often. You can follow Indicators, Groups, Tags, and more. For each item you follow, you can specify a priority. The Notification Center gives you granular control over what happens next: an in-app alert, an immediate email, or a digest email. For each type of data, you can choose the types of notifications you want, including custom notifications using ThreatConnect’s API or Playbooks. Now, you won’t miss anything critical, and you won’t be inundated with irrelevance! By broadly expanding the notifications capability, analysts can better accomplish key monitoring tasks.
Automatic Management of Indicator Status
Users now have the ability to manage the status of Indicators in the Platform automatically with ThreatConnect’s CAL™ (Collective Analytics Layer) or set Indicator status manually. With this, analysts can keep a record of benign and/or formerly malicious indicators even if they don’t want the indicators considered for action. How the indicator status was set is also recorded to provide you with context as to why that respective status is what it is.
This indicator’s active status was set by the local instance of ThreatConnect.
This indicator’s active status was set automatically by CAL.
Whew, that was a lot of updates! When it comes to product development, the emphasis on improving the day-to-day quality of work for analysts through usability of the Platform is apparent. The release of 5.6 is a perfect illustration of that.
Want to see some of these updates for yourself? Join us for an upcoming Platform Walkthrough. During this 30-minute bi-weekly session, one of our security engineers will conduct a live demo of ThreatConnect and answer any questions you may have. Click here to register now!