EclecticIQ

Learn how EclecticIQ can help you address your specific challenges – by team and by need – and improve your overall security posture.

Solutions overview

Our Ecosystem

An ecosystem supporting our customers' intelligence-led proactive cybersecurity needs with collaborative partner programs delivering world-class joint solutions. 

Partner Program

Partner with EclecticIQ to bring valuable and innovative security solutions and services to end users. Open to all partner types, including technology developers, service providers, resellers, and community.

Our Partnerships

We partner with the world's premier technology and solution providers to support all phases of your cybersecurity needs. Explore all our partners' solutions and offerings to build and extend your cyber defense ecosystem.

EclecticIQ Resources

We are committed to increasing the knowledge and capabilities of the cybersecurity community through our research & analysis efforts and open source projects.

Browse Resources

Learn more about our technology, solutions and services, and stay updated on the cyber threat landscape with our research reports, webinars and other information.

Open Source Projects

We are proud to be an active member in the open source community and to help develop and advance progress of security technology. Learn more about contributions or go directly to our GitHub page.

Save More Analyst Time and Effort with EclecticIQ Intelligence Center 2.13

Mark Huijnen July 21, 2022

The newest version of EclecticIQ Intelligence Center is being released for General Availability today. Version 2.13 of our analyst-centric threat intelligence platform (TIP) helps you further streamline your analyst operations, thanks to more-powerful and highly granular rule-based workflow automation, extended audit logging, and an upgraded TAXII server for outgoing STIX 2.1 feeds. 

EclecticIQ Intelligence Center 2.13 frees your analysts to focus on what they do best: investigating cyber threats.

  • For a quick rundown of what’s new, we invite you to watch this short video.
  • For more details, please continue reading.

New options for workflow automation with custom rules

Threat Intelligence Platforms, or TIPs, take the manual work out of aggregating and analyzing threat intelligence. This way, CTI analysts can devote their valuable time to investigations requiring their expert judgment. EclecticIQ Intelligence Center automates the entire analyst workflow, providing maximum data access to deliver unique insights. Most automation comes out-of-the-box, thanks to its STIX-based data model and robust ingestion engine. But Intelligence Center also gives analysts the flexibility to further automate their workflow using custom rules. Release 2.13 now offers analysts more options and granularity when defining these rules.

For example, the threat intelligence industry faces a well-known problem: different intelligence vendors use different nicknames to refer to the same threat actor. One intelligence vendor may talk about APT-28, while another calls it FancyBear and a third calls it Sednit. Thanks to Intelligence Center’s current rules feature, a CTI team can already normalize this threat data by adding a tag to data that refers to one of these names in the title. This way, all tagged data for a single threat actor is consolidated into a single workspace.

But by only looking for name matches in the title, the rule may accidentally add data to the workspace that is not related to that specific threat actor. To address this potential error, release 2.13 adds extra content criteria for rules that give analysts greater control over any additional automation they require. Rules can now contain unlimited query statements, and those statements can combine AND and OR conditions. This new capability allows analysts to eliminate the errors in the previous example by only tagging data where there is a match for all the name variants in both the title and the description. This extra flexibility and granularity supercharge your custom rule-based automation. Plus, they further reduce the time your analysts spend performing manual operations.
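The difference between the two rule shapes described above, as an added Python illustration; it is not EclecticIQ code or Intelligence Center rule syntax. The tag name, object fields and sample reports are constructed, and the stricter rule is assumed to mean OR across the aliases within a field and AND across title and description.

```python
import re

# Aliases named in the article; the tag and the object fields are hypothetical.
ALIASES = ["APT-28", "FancyBear", "Sednit"]
TAG = "actor-apt28"

def alias_regex(alias):
    # Split "FancyBear" -> Fancy, Bear and "APT-28" -> APT, 28 so that spelling
    # variants ("Fancy Bear", "APT28") match, but only on word boundaries.
    tokens = re.findall(r"[A-Z][a-z]+|[A-Z]+|\d+", alias)
    body = r"[\s_-]?".join(re.escape(t) for t in tokens)
    return re.compile(r"\b" + body + r"\b", re.IGNORECASE)

def contains(field, alias):
    pattern = alias_regex(alias)
    return lambda obj: bool(pattern.search(obj.get(field, "")))

def any_of(*conds):
    return lambda obj: any(c(obj) for c in conds)

def all_of(*conds):
    return lambda obj: all(c(obj) for c in conds)

def any_alias(field):
    return any_of(*(contains(field, a) for a in ALIASES))

# Title-only rule: an alias in the title is enough to tag the object.
TITLE_ONLY = any_alias("title")
# Stricter rule: (alias in title) AND (alias in description).
TITLE_AND_DESCRIPTION = all_of(any_alias("title"), any_alias("description"))

def tagged_ids(rule, objects):
    """Return the ids of the objects the rule would tag with TAG."""
    return [o["id"] for o in objects if rule(o)]

# Constructed sample reports, not real intelligence data.
REPORTS = [
    {"id": "report-1", "title": "Fancy Bear phishing campaign targets ministries",
     "description": "APT28 operators used credential-harvesting pages."},
    {"id": "report-2", "title": "Vendor roundup: Sednit, Lazarus and others in Q2",
     "description": "Quarterly summary; this entry covers a ransomware affiliate."},
    {"id": "report-3", "title": "Adapt 28 controls for cloud hardening",
     "description": "Guidance unrelated to any actor."},
]

if __name__ == "__main__":
    print("title only:", tagged_ids(TITLE_ONLY, REPORTS))
    print("title AND description:", tagged_ids(TITLE_AND_DESCRIPTION, REPORTS))
```

The title-only rule also tags the vendor roundup, whose description concerns a different actor; the combined rule keeps only the report that names the actor in both fields.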

Enhanced audit logging capability

Our customers include some of the world’s largest financial institutions. They use EclecticIQ Intelligence Center to power advanced CTI programs and share threat intelligence with their industry peers.

The financial industry is heavily regulated in many areas, including security. To help financial services customers comply, we added two enhancements to the audit logging capability of EclecticIQ Intelligence Center 2.13. First, we expanded what is logged to include not just all the actions, but also what data was accessed -- down to the level of the individual objects. On top of that, you can now stream these logs to central logging servers to perform your own analyses.

These enhancements give you reassurance that any user action is traceable and provide more flexibility to produce the audit trails you need. Like the other new features of version 2.13, they help streamline time-consuming processes – in this case, auditing – so your analysts can concentrate on their core responsibilities.

Simplified set-up for outgoing STIX 2.1 feeds

We are big fans of the STIX and TAXII standards. In fact, STIX serves as the basis for EclecticIQ Intelligence Center’s data model. That’s why our solution already supports ingesting and sharing threat data for an important subset of STIX 2.1 objects.

EclecticIQ Intelligence Center currently allows you to manually push out intelligence in STIX 2.1 over the TAXII 2.1 protocol, or automatically over TAXII 1.2. However, it can be burdensome to set up an outgoing STIX 2.1 feed over TAXII 1.2. That’s why, in release 2.13, we upgraded the built-in TAXII server of EclecticIQ Intelligence Center from version 1 to version 2. Now, it’s much easier to provide an intelligence feed in STIX 2.1 format to multiple stakeholders or security controls over TAXII.

We’re also pleased to announce that we will be making this new TAXII 2.1 server functionality available to the community via our popular open-source tool, OpenTAXII. OpenTAXII allows developers to run an extensible implementation of TAXII services for producers and consumers of threat intelligence. Thanks to the new version of EclecticIQ Intelligence Center, developers will soon be able to offer these services over TAXII 2. Look for the upcoming update on GitHub.

Want to know more?

For a deeper dive into this release, or to find out how EclecticIQ can strengthen your cyber defenses, please get in touch.

© 2014 – 2022 EclecticIQ B.V.
EclecticIQ. Intelligence, Hunting, Response.