We are excited to announce the release of the latest version of EclecticIQ Intelligence Center, providing a strong foundation for mature CTI teams to overcome their future challenges. Intelligence Center 3.0 contains significant structural changes, new features, and enhancements that make it our most powerful and advanced Threat Intelligence Platform yet.
More Granular and Accurate Threat Data
With Intelligence Center 3.0, we have added eight STIX 2.1-compatible objects, allowing CTI analysts to work with more granular and accurate threat data and helping them better understand and preempt ever more complex cyber threats. Even when using incoming threat data feeds in STIX 1.2 format, our customers can obtain the extra granularity that STIX 2.1 offers. They can convert all existing Threat Actor and TTP entities in their repository to their corresponding STIX 2.1 entities, and convert all newly incoming STIX 1.2 data on the fly, while keeping track of the original entities.
Relationships that Give More Context
Intelligence Center 3.0 features a completely revised implementation of the relationship construct, enabling CTI analysts to freely create a relationship between all entity types, define their own type of relationship, and assign a TLP, start/end time, and description to relationships. We’ve also made the user interface for relationships more intuitive and added a special token that indicates whether a relationship can be exported via STIX 1.2 or STIX 2.1, or whether data will be lost. CTI analysts now enjoy maximum flexibility and freedom to define relationships that give much more context than before.
Easier Rule Configuration
Intelligence Center 3.0 makes it easier to create very detailed rules that let analysts control how every granular piece of data gets processed and moves through the platform for automatic prioritization, dissemination, or further investigation. As soon as analysts start typing, Intelligence Center helps autocomplete the path. They can now also add multiple sources to a single rule, reducing the number of rules they need to create and maintain.
Precise MITRE ATT&CK tactics & techniques
As cyber threats continue to evolve, attackers are developing new tactics and techniques to evade detection and compromise networks. To help CTI analysts stay current on the latest threats, the MITRE ATT&CK framework is regularly updated. With Intelligence Center 3.0, we are updating the built-in support for MITRE ATT&CK to v12.1, ensuring that CTI analysts have access to up-to-date information on threat tactics and techniques. By staying ahead of the curve, analysts can accurately identify and categorize threats, providing greater protection to organizations.
Expanded Confidence Scoring
When it comes to responding to cyber threats, accurate and reliable information is critical. To help ensure the trustworthiness of threat data, the STIX format recommends including a confidence score in every object. With Intelligence Center 3.0, we have extended the confidence property, enabling analysts to assign confidence scores to all supported entity types in the platform. This means that analysts can improve the accuracy and reliability of the threat data, enabling more effective decision making in response to cyber threats.
More types of observables
Observables are an essential component of cyber threat intelligence, enabling analysts to identify and track indicators of compromise and other relevant data that can provide insights into malicious activity. As the threat landscape continues to evolve, new types of threats emerge. For instance, cryptocurrencies were not subject to threats a decade ago. With Intelligence Center 3.0, we are now introducing support for nine new observable types, enabling analysts to create and share these new observables to increase visibility of new types of threats.
Less strain on your eyes
Lastly, we are thrilled to introduce a dark mode feature. Analysts can now opt for a color scheme that uses light-colored text, icons, and graphical user interface elements on a dark background, whether to reduce eye strain or as a matter of personal preference. Additionally, analysts can configure the Intelligence Center to switch modes automatically based on their system settings, which could also serve as a good reminder to hand over their investigation to another colleague in teams that use a follow-the-sun approach to collaboration.
Want to know more?
For a deeper dive into this release, or to find out how EclecticIQ can strengthen your cyber defenses, please get in touch.