It’s on like Donkey Kong!
POSTED BY LEON WARD
“It’s on like Donkey Kong!” – I’ve no idea where that phrase originally came from (and searching Google turned up some contradicting answers), but it describes the feeling here at ThreatQuotient this week since we’re excited to announce version 3.1 of the ThreatQ threat intelligence platform!
Why the Donkey Kong reference? – I hear you ask. Well it’s a lesser known fact that here at ThreatQuotient we use classic (and much loved) video games as our internal code names for software releases. With version 3.1 now available for customers, we hope you’re eager to take advantage of the “barrels” of features we’re throwing your way (yes, that’s another Donkey Kong reference if you didn’t notice). Here are just some of the highlights to let you know what to expect before you upgrade.
File summary and detail view improvements
Cyber threat intelligence comes in both structured data formats (like indicators) and unstructured data formats (like vulnerability, incident, and adversary reports). To improve how analysts work with reports and files, we’ve made a few changes.
- In addition to our ‘tags’ function, we’ve added a new “file details” section which enables full attribute key/value storage in the same way that is available for other intelligence objects. So now it’s much easier to understand what is in a vulnerability report before you choose to open and read it. Over time you’ll see more and more intelligence feeds making use of this new data – with iSight being the first (as part of 3.1).
- A new file description section has been added to allow a description of the file being stored.
- The file overview page [Figure 1] now includes the ability to constrain views by report keywords, title text, source, time, and date, along with an easier-to-use time/date picker. These constraints are applied to all of the reports in the system and not just the most recent 500 or so, so this feature makes it much easier to work with large report data sets.
New CVE Indicator type
The addition of a new indicator data type called ‘CVE’ improves the way in which vulnerability data can be linked to any other intelligence object in ThreatQ. For example, if you know that a vulnerability is associated with a malware sample, the two can now be linked to add context. We’ve got a lot more ideas for vulnerability data and threat intelligence operations. Watch this space for advances in this area soon!
Bulk update of related indicators
While performing research on a threat campaign, adversary, or intelligence report, a common analyst task is to add more context to all indicators that are related to it. We’ve improved this workflow, and now it can be achieved with a single click [Figure 2].
New intelligence feeds, and updates to some existing ones
The providers of threat intelligence are constantly making improvements to their data and to their methods of delivery to customers (APIs). ThreatQ ships with connectivity to over 140 intelligence sources: commercial, OSINT, and custom. The ThreatQ threat intelligence platform has been updated to work with some recent vendor API changes for both Crowdstrike and FireEye iSight Intelligence. We have also added two new commercial feeds:
- PhishMe
PhishMe provides human-vetted, phishing-specific threat intelligence in an approach to identify and prevent potentially damaging phishing attacks.
- Verisign IntelGraph
Verisign IntelGraph provides contextual, real-time threat data, including reports that focus on known and emerging threats, types of adversaries, their capabilities and tactics, as well as other relevant intelligence.
Enhanced Operations Management via the User Interface
The ThreatQ threat intelligence platform now includes a much improved interface [Figure 3] allowing users to install the many operations, extensions, and custom feeds that have been created. Command-line knowledge is no longer required, which makes upgrading and installing additional content much easier. Simply drag and drop the installer into the ThreatQ user interface!
API documentation improvements
You asked for it, and it’s here. We’ve made a big update to our external API documentation. Simply contact support and they will ensure you’re able to get access to the content!
The threat landscape doesn’t stand still and neither does ThreatQuotient. We continue to innovate to enhance the ThreatQ threat intelligence platform. In this latest version we’ve focused on adding to the depth and breadth of value you can get from your threat intelligence while making it easier to manage and use. If you’re already a ThreatQ customer we know you’ll enjoy the enhancements. And if you’re considering a threat intelligence platform, ask for a demo and see for yourself why more and more enterprises are relying on ThreatQ as the cornerstone of their threat operations program.
To learn more about ThreatQ 3.1 and watch a live demo, sign up for one of our tech sessions:
North America Tech Session
Tuesday, August 8, 2017
EMEA APAC Tech Session
Tuesday, August 29, 2017