Today we released version 2.10 of EclecticIQ Intelligence Center (formerly known as EclecticIQ Platform).
This release signals a significant step forward in the journey of our Threat Intelligence Platform (TIP) to become fully interoperable with the latest STIX & TAXII standards for intelligence exchange. And we’re equally excited to kick off a series of new initiatives with this release that boost its functionality and overall usability.
To learn more about the new features and improvements in this release, please watch the quick tour video from the team below – or continue reading.
Additional STIX 2.1 objects for interoperability
Recently, the OASIS consortium finalized version 2.1 of the STIX & TAXII standards for intelligence exchange. This important milestone delivers additional objects to the STIX language that provide more granularity and allow more accurate threat modelling.
We began implementing support for these new objects last year. As a result, release 2.10 already supports ingesting and sharing of Indicators, Observed Data, Sightings, Courses of Action and Reports in STIX 2.1 format over TAXII 2.1. But we’re not stopping until we have reached full interoperability, so stay tuned for more updates.
As mentioned with release 2.9, we’re adding objects as prescribed by the OASIS STIX 2 Preferred certification program. By following this program, we ensure that EclecticIQ Intelligence Center can reliably exchange threat data with the growing number of intelligence providers and security controls that are implementing support for these standards.
Built-in MITRE ATT&CK capabilities
One of our new long-term initiatives centers on the integration of the MITRE ATT&CK framework. This framework, which has become the de facto standard for assessing modern behavioral detection against adversary tactics and techniques, helps analysts better understand the context of a threat and the phase of an attack, and thus prioritize next steps accordingly.
As a first step, analysts can now assign Enterprise ATT&CK tactics, techniques, and sub-techniques to intelligence. And they can filter or search the repository for intelligence using these same MITRE ATT&CK IDs. These changes form the foundation for future developments that will bring full-fledged built-in support of the framework.
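To make the two points above concrete (the STIX 2.1 object types the release ingests and shares over TAXII 2.1, and tagging intelligence with ATT&CK IDs so it can be filtered by them), here is an added example. It is not EclecticIQ code and does not use the Intelligence Center API; it builds a self-contained STIX 2.1 bundle with an Indicator, Observed Data, a Sighting, a Course of Action and a Report, tags the indicator with a constructed ATT&CK sub-technique ID, runs the structural checks a consumer applies before accepting content from a TAXII collection, and looks objects up by ATT&CK ID. The domain, names, technique ID and timestamps are all constructed sample values; the helper names are this example's own.

```python
"""Added example, not EclecticIQ code: build a STIX 2.1 bundle with the object
types this release can ingest and share, tag it with an ATT&CK technique ID,
and run the structural checks a consumer applies before accepting content
from a TAXII 2.1 collection. Standard library only; all values are constructed."""
import json
import re
import uuid
from datetime import datetime, timezone

# STIX 2.1 identifier form: <type>--<UUID>
STIX_ID = re.compile(
    r"^[a-z][a-z0-9-]{2,249}--[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$")
# Common properties every SDO/SRO must carry; cyber observables (SCOs) have fewer.
REQUIRED = ("type", "spec_version", "id", "created", "modified")
SCO_TYPES = {"domain-name", "ipv4-addr", "url", "file", "email-addr"}


def now():
    """STIX timestamp: UTC, millisecond precision, trailing 'Z'."""
    return datetime.now(timezone.utc).isoformat(timespec="milliseconds").replace("+00:00", "Z")


def stix_object(obj_type, **props):
    """Object of the given type with the common STIX 2.1 properties filled in."""
    ts = now()
    return {"type": obj_type, "spec_version": "2.1", "id": f"{obj_type}--{uuid.uuid4()}",
            "created": ts, "modified": ts, **props}


def attack_reference(technique_id):
    """External reference in the form used to tag content with MITRE ATT&CK IDs."""
    return {"source_name": "mitre-attack", "external_id": technique_id}


def build_bundle():
    """Constructed bundle: one phishing indicator plus the objects that give it context."""
    domain = {"type": "domain-name", "spec_version": "2.1",
              "id": f"domain-name--{uuid.uuid4()}", "value": "phish.example"}  # constructed value
    indicator = stix_object(
        "indicator", name="Constructed phishing domain",
        pattern="[domain-name:value = 'phish.example']", pattern_type="stix",
        valid_from=now(), external_references=[attack_reference("T1566.001")])  # constructed tag
    observed = stix_object(
        "observed-data", first_observed=now(), last_observed=now(),
        number_observed=1, object_refs=[domain["id"]])
    sighting = stix_object(
        "sighting", sighting_of_ref=indicator["id"], observed_data_refs=[observed["id"]])
    coa = stix_object(
        "course-of-action", name="Block the domain at the mail gateway")
    mitigates = stix_object(
        "relationship", relationship_type="mitigates",
        source_ref=coa["id"], target_ref=indicator["id"])
    report = stix_object(
        "report", name="Constructed weekly phishing report", published=now(),
        report_types=["threat-report"],
        object_refs=[o["id"] for o in (domain, indicator, observed, sighting, coa, mitigates)])
    return {"type": "bundle", "id": f"bundle--{uuid.uuid4()}",
            "objects": [domain, indicator, observed, sighting, coa, mitigates, report]}


def references_of(obj):
    """Every identifier the object points at via a *_ref / *_refs property."""
    refs = []
    for key, value in obj.items():
        if key.endswith("_ref") and isinstance(value, str):
            refs.append(value)
        elif key.endswith("_refs") and isinstance(value, list):
            refs.extend(v for v in value if isinstance(v, str))
    return refs


def validate_bundle(bundle):
    """Return a list of problems; an empty list means the bundle passed."""
    problems = []
    if bundle.get("type") != "bundle" or not STIX_ID.match(bundle.get("id", "")):
        problems.append("bundle header malformed")
    objects = bundle.get("objects", [])
    known = {o.get("id") for o in objects}
    for obj in objects:
        oid = obj.get("id", "<no id>")
        if not STIX_ID.match(oid) or not oid.startswith(obj.get("type", "") + "--"):
            problems.append(f"{oid}: id is not <type>--<UUID>")
        if obj.get("spec_version", "2.1") != "2.1":
            problems.append(f"{oid}: spec_version {obj['spec_version']} is not 2.1")
        if obj.get("type") not in SCO_TYPES:
            problems.extend(f"{oid}: missing {p}" for p in REQUIRED if p not in obj)
        # The bundle is meant to be self-contained, so every reference must resolve locally.
        problems.extend(f"{oid}: dangling reference {r}" for r in references_of(obj) if r not in known)
    return problems


def find_by_attack_id(bundle, technique_id):
    """IDs of objects tagged with the given ATT&CK technique or sub-technique ID."""
    return [o["id"] for o in bundle.get("objects", [])
            if any(r.get("source_name") == "mitre-attack" and r.get("external_id") == technique_id
                   for r in o.get("external_references", []))]


if __name__ == "__main__":
    bundle = build_bundle()
    print(json.dumps(bundle, indent=2))
    print("problems:", validate_bundle(bundle))
    print("tagged T1566.001:", find_by_attack_id(bundle, "T1566.001"))
```

The dangling-reference check is deliberately strict because the constructed bundle is self-contained; a real feed may legitimately reference objects delivered earlier in the same collection (an identity via `created_by_ref`, for instance), so a production consumer would resolve those against its repository rather than reject them outright.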
Knowledge Packs for instant threat tracking
EclecticIQ Intelligence Center 2.10 comes with a brand-new feature called Knowledge Packs. These are preconfigured sets of rules and datasets on specific topics. Curated by the intelligence experts on our Threat Research Team, they cover a wide range of CTI threats and content.
Analysts simply click on the Knowledge Pack they wish to install, and EclecticIQ Intelligence Center generates a dedicated workspace on the fly. This way, analysts can instantly start tracking relevant, timely threats without spending any time or effort on manually configuring the workspace.
To start, release 2.10 ships with a select number of packs. But we have big plans for this new feature and will build out the collection and functionality throughout the remainder of this year.
Updated navigation to streamline your work
At EclecticIQ, we take usability seriously. In fact, we believe it’s a critical requirement for creating a truly analyst-centric TIP. A well-designed interface can make the difference between a TIP that works for you, or a TIP that makes you work.
To streamline the way of working and improve analyst workflow, our product design team has redesigned the navigation interface of EclecticIQ Intelligence Center. As a first step, we have removed the top navigation bar from the interface in this release. All items from the top bar have been merged into the side navigation bar, presenting users with a single overview that still gives access to all areas.
Check out the navigation improvements tour inside EclecticIQ Intelligence Center; it shows you how to access all the tools you are used to from the single side navigation bar.
Embedding images in reports
It’s said that a picture is worth a thousand words. In the case of intelligence reports that need to inform high-level decisions made by executives and other decision makers, being able to embed images is an invaluable capability. Using the updated report editor in this release, analysts can now add images or screenshots to a report and resize them on the go. These images can provide additional details or help illustrate a concept that is difficult to render in text form.
OAuth support for Azure
System administrators can now integrate EclecticIQ Intelligence Center with their Azure-based identity management solution over OAuth and centralize access control for users and third-party apps using the EclecticIQ Intelligence Center API. They can also monitor the requests users or third-party apps make to the API, or restrict access directly from Azure Active Directory. This means that analysts no longer need to log in every time they access EclecticIQ Intelligence Center; instead, they enjoy a safe and seamless sign-on experience as they switch from other applications to EclecticIQ Intelligence Center and vice versa.
Coming soon: EclecticIQ Hunting Packs
Finally, we have something exciting cooking that we don’t want to leave unmentioned. EclecticIQ Hunting Packs are collections of threats that are created by bundling IOCs, detection and hunting rules, and structured intelligence. They enable you to detect known threats with higher fidelity, thanks to the addition of TTP-based rules that complement the static nature of IOCs. Further, these rules let you detect lesser-known or unknown threats for early warning, threat hunting, and response. If you want to be among the first to get early access to this new type of detection content, pre-register now for our Beta program.
Want to know more?
If you would like to learn more about this release or find out how EclecticIQ can strengthen your cyber defenses, please get in touch.