It’s on like Donkey Kong!

POSTED BY LEON WARD

“It’s on like Donkey Kong!” – I’ve no idea where that phrase originally came from (and searching Google turned up some contradictory answers), but it describes the feeling here at ThreatQuotient this week, since we’re excited to announce version 3.1 of the ThreatQ Threat Intelligence Platform!

Why the Donkey Kong reference? – I hear you ask. Well, it’s a lesser-known fact that here at TQ we use classic (and much loved) video games as our internal code names for software releases. With version 3.1 now available for customers, we hope you’re eager to take advantage of the “barrels” of features we’re throwing your way (yes, that’s another Donkey Kong reference, if you didn’t notice). Here are just some of the highlights to let you know what to expect before you upgrade.

File summary and detail view improvements

Cyber threat intelligence comes in both structured data formats (like indicators) and unstructured data formats (like vulnerability, incident, and adversary reports). To improve how analysts work with reports and files, we’ve made a few changes.

  • In addition to our ‘tags’ function, we’ve added a new “file details” section which enables full attribute key/value storage, in the same way that is available for other intelligence objects. So now it’s much easier to understand what is in a vulnerability report before you choose to open and read it. Over time you’ll see more and more intelligence feeds making use of this new data – with iSight being the first (as part of 3.1).
  • A new file description section has been added to allow a description of the file being stored.
  • The file overview page [Figure 1] now includes the ability to constrain views by report keywords, title text, source, time, and date, including an easier-to-use time/date picker. These constraints are applied to all of the reports in the system and not just the most recent 500 or so, so this feature makes it much easier to work with large report data-sets.

Figure 1: The file overview feature simplifies working with large report data-sets.

New CVE Indicator type

The addition of a new indicator data type called ‘CVE’ improves the way in which vulnerability data can be linked to any other intelligence object in ThreatQ. For example, if you know that a vulnerability is associated with a malware sample, the two can now be linked to add context. We’ve got a lot more ideas for vulnerability data and threat intelligence operations. Watch this space for advances in this area soon!

Bulk update of related indicators

While performing research on a threat campaign, adversary, or intelligence report, a common analyst task is to add more context to all indicators that are related to it. We’ve improved this workflow, and it can now be achieved with a single click [Figure 2].

Figure 2: Updating indicators quickly in bulk.

New intelligence feeds, and updates to existing ones

The providers of threat intelligence are constantly making improvements to their data and to their methods of delivery to customers (APIs). ThreatQ ships with connectivity to over 140 intelligence sources: commercial, OSINT, and custom. ThreatQ has been updated to work with recent vendor API changes for both CrowdStrike and FireEye iSight Intelligence. We have also added two new commercial feeds:

  • PhishMe
    PhishMe provides human-vetted, phishing-specific threat intelligence to help identify and prevent potentially damaging phishing attacks.
  • Verisign IntelGraph
    Verisign IntelGraph provides contextual, real-time threat data, including reports that focus on known and emerging threats, types of adversaries, their capabilities and tactics, as well as other relevant intelligence.

Enhanced Operations Management via the User Interface

ThreatQ now includes a much improved interface [Figure 3] allowing users to install the many operations, extensions, and custom feeds that have been created. Command-line knowledge is no longer required, which makes upgrading and installing additional content much easier. Simply drag and drop the installer into the ThreatQ user interface!

Figure 3: Simply drag and drop to install additional content.

API documentation improvements

You asked for it, and it’s here. We’ve made a big update to our external API documentation; simply contact support and they will ensure you’re able to get access to the content.

The threat landscape doesn’t stand still, and neither does ThreatQuotient. We continue to innovate to enhance the ThreatQ Threat Intelligence Platform. In this latest version we’ve focused on adding to the depth and breadth of value you can get from your threat intelligence, while making it easier to manage and use. If you’re already a ThreatQ customer, we know you’ll enjoy the enhancements. And if you’re considering a threat intelligence platform, ask for a demo and see for yourself why more and more enterprises are relying on ThreatQ as the cornerstone of their threat operations program.

To learn more about ThreatQ 3.1 and watch a live demo, sign up for one of our tech sessions.

North America Tech Session

Tuesday, August 8, 2017

1:00PM EST


EMEA APAC Tech Session

Tuesday, August 29, 2017

11:00AM CEST
