Today we released the latest version of our Threat Intelligence Platform (TIP). EclecticIQ Intelligence Center version 2.12 includes a host of new features and improvements to help CTI teams further unlock the value of threat intelligence for many different use cases. They range from a completely redesigned and rebuilt public REST API, to improvements in managing threat data, and a brand-new rich text editor for creating and structuring clearer reports.
For a quick rundown of what’s new, we invite you to watch this short video. For more details, please continue reading.
Extend Intelligence Center deep into your security stack
With the ever-increasing number of cybersecurity products in use, every TIP must have a well-rounded API that provides the freedom and flexibility to embed the TIP into any cybersecurity stack. That’s why our product team kicked off a long-term initiative last year to update the public REST API of Intelligence Center. The team invited select customers to participate in the beta program. These customers provided valuable insights and constructive advice that prompted a complete redesign and rebuild of the API.
The beta program participants indicated that developers often felt they needed to become CTI experts to use the API. Also, they reported that CTI analysts with some coding skills would love to use the API themselves to further automate certain specific tasks. To enable these users, we had to completely overhaul our existing API. To improve the user experience, we created a brand-new developer portal containing technical documentation and examples demonstrating what the API can do and how to use it. With this tool, developers can gain a basic understanding of CTI needed to use the API, and CTI analysts can create easy workarounds without having to rely on others.
We’re very proud to announce that this new API is now officially out of beta and available to all our customers. It acts as a layer of connective tissue that ensures otherwise siloed tools are used to their full capabilities, resulting in a better security posture for customers. Equally important, Intelligence Center is from now on an “API-first” product, meaning that we will develop every new or improved capability with API consumption in mind. So, as we continue to build new features or update existing ones, these changes will be reflected and available in the API for you to use programmatically.
More easily manage enrichers, taxonomies, and network ranges
We believe Intelligence Center does a good job of managing large volumes of threat data. But with version 2.12, we removed additional repetition from this process.
First, due to the growing number of enrichers per data source in use, it became difficult for data administrators to identify individual enrichers when configuring the automatic enrichment process. We redesigned the enricher configuration page so administrators can see the full list of available enrichers, apply filters, and manage and enable multiple enrichers in bulk. This improvement reduces the repetitive nature of setting up individual enrichers by allowing you to set up multiple enrichers in one go.
Similarly, we’ve improved management of taxonomies. Previously, data administrators had to scroll through individual pages, making it cumbersome to work with large numbers of taxonomy nodes. By simply adding a filter and search bar in the taxonomy management section, we made it much easier and faster for you to find and alter taxonomies with a common name or parent.
Lastly, Intelligence Center can now handle network ranges as observables. These new observables allow you to add, import, and export both IPv4 and IPv6 CIDRs. They are also parsed from structured and unstructured text, and are included for exchange in STIX 1.x and 2.x. As a result, your analysts can now more quickly define a whole range of IP addresses to express threats or targets of threats.
Speed up your investigations and reporting
CTI analysts will also be glad to hear that, in addition to improving configuration of automatic enrichers, this release enhances the manual enrichment feature. In fact, analysts can make use of the same improved UI in graphs, lists, and detail panes to manually execute multiple enrichers in one go, thus enjoying a better workflow and saving precious time.
If you are a CTI analyst who relies on Intelligence Center as a complete workbench for your daily investigations, we’ve added a powerful tool that will help you prepare comprehensive reports within the platform. With the original beta release, we gave testers early access to the new rich text editor that we placed under the hood as a feature. Now we are taking the new text editor out of beta and unlocking more capabilities for all customers throughout Intelligence Center. This means you can create and structure reports more efficiently, add higher-quality images and screenshots to reports, and use the rich text editor for all other entities and workspace descriptions as well.
Want to know more?
For a deeper dive into this release, or to find out how EclecticIQ can strengthen your cyber defenses, please get in touch.