Source |
Anomali |
Identifier |
3006318 |
Publication date |
2021-07-01 10:00:00 (viewed: 2021-07-01 15:05:25) |
Title |
Anomali May Quarterly Product Release: Democratizing Intelligence |
Text |
Anomali’s product team continues to deliver on an aggressive schedule of intelligence-driven cybersecurity solutions, continuing to work in tight unison with our customers and security professionals throughout the product development lifecycle.
We’re excited to announce our quarterly product release update for May 2021. Key highlights for this quarter include:
New Match 4.4 release enhancing Anomali’s extended detection and response capabilities
Custom dashboards aligning global threat intelligence with local SOC threat prioritization activities
Industry news monitoring that leverages Machine Learning to determine global trends
Enhanced STIX 2.1 support with Custom Objects & Relationship Objects
Support for MITRE ATT&CK Framework v9.0 via Attack Patterns
Simplified Integrator upgrade process
Anomali Lens - Outlook for Office 365
Match 4.4 New Features and Improvements
Anomali Match is the first threat detection and response solution that automatically and continuously correlates all your environment logs against all relevant active threat intelligence to expose previously unknown threats that may have already penetrated your enterprise, resulting in faster Mean-Time-To-Detection (MTTD), reduced cost of security incidents, and more efficient security operations.
In this release, we’ve added several significant new features that improve the value Match offers to clients: they enhance the fidelity of the intelligence we use to identify matches in your environments and simplify the normalization of data coming from a variety of differently formatted log sources. Furthermore, new alerting capabilities provide enhanced process automation and now support threat model-based alerts.
We’ve also released Universal Link v4.4 and made updates to these dedicated links that enable log event integration with Anomali Match: QRadar, Splunk, and RSA.
Building Custom Dashboard Widgets Based on Threat Model Data
Dashboards in ThreatStream provide a quick, digestible, and timely source of key metrics on threat intelligence indicators. Custom dashboards can be tailored to a given organization’s or user’s requirements. Users can now build their own dashboards with widgets based on Threat Model saved searches, in addition to Observable saved searches. Users can also choose to incorporate out-of-the-box widgets or develop their own, based on an advanced saved search (of Observables or Threat Models). This new feature builds upon features we’ve been adding to ThreatStream over recent releases, namely custom widgets and Threat Model advanced saved searches.
Industry News Trend Widgets in ThreatStream Dashboard
ThreatStream Dashboards provide key decision-making data in an easy-to-digest visual format for all users of ThreatStream - whether research analyst, team manager or CISO. With this release, industry trending news on Actors, Malware and Common Vulnerabilities and Exposures (CVEs) is available as graph widgets within the ThreatStream dashboard. Our trending engine is based on data sourced from a huge array of public and private security news feeds, blogs, and other reputable sources. The graphs provide current lists of trending entities, with pertinent information and graphs showing activity over various timelines. Currently, this feature is exclusive to Anomali Lens+ customers.
MITRE ATT&CK Support for Sub-techniques
The MITRE ATT&CK Security Framework is one of the most widely used tools to help organizations un |
Notes |
|
Sent |
Yes |
Tags |
Malware
Threat
|
Stories |
APT 38
|
Move |
|