We're excited to introduce the latest version of our powerful Threat Intelligence Platform (TIP) designed to empower the most targeted organizations against the ever-evolving landscape of cyber threats. Whether you're a threat intelligence professional, an IT expert, or a curious newcomer to our blog, we've got some exciting news to share with you.
With this latest release of EclecticIQ Intelligence Center, we've taken another step forward in enhancing your threat intelligence operations. Our team has been hard at work, listening to your feedback and refining our product to meet your needs better than ever before. We've introduced a range of improvements and features that are designed to make your threat intelligence journey smoother and more efficient.
More Extensive Data Policies
With this release, we're optimizing the performance of our data retention policies feature. It's a mechanism that enables you to effortlessly remove specific data when it's no longer needed, streamlining your data management. We've expanded its functionality to support deletion of outgoing feed packages and the originally ingested data packages that are backed up on the platform. Also, we’ve improved the removal of large amounts of observables when their retention period ends, ultimately reducing stored data. This translates to swift adherence to data management norms and privacy regulations, crucial as data volumes escalate. This feature is equally important for organizations looking for an on-premises TIP that offers SaaS-like scalability, economics and performance like Intelligence Center can.
Faster Set-up and Configuration
Setting up and configuring Intelligence Center is now more accessible than ever. We've introduced two improvements as part of an initiative to simplify the platform for those who prefer a streamlined approach. By minimizing configuration settings and values during the setup of incoming and outgoing feeds, we're reducing complexity. Non-essential options have been moved to an advanced view, while default values are pre-filled, enabling swift feed configuration with just three manual settings. Additionally, the navigation menu has been transformed into a vertical list, eliminating horizontal scrolling on lower-resolution screens and ensuring an unobstructed view when working with entity panes.
Tailor Outgoing Feed Package Sizes
Disseminating intelligence efficiently is paramount, which is why we're introducing enhanced control over outgoing feed package sizes. With the ability to customize package sizes for individual feeds, you can tailor intelligence distribution to align with security controls and stakeholder preferences. This agility ensures that the intelligence leaving the platform is optimized for action, thereby enhancing your organization's overall security posture.
Upload CSV files: Map, Save, Repeat
For those instances when manual data input is essential, Intelligence Center now allows you to seamlessly bring structured data into the platform. Analysts can now harness the power of CSV file uploads, complete with custom data mapping and template saving. This process empowers analysts to effortlessly integrate ad-hoc data, eliminating the need for time-consuming preprocessing and ensuring reliability.
Improved MITRE ATT&CK Assignment
Our commitment to enhancing your experience extends to streamlining the assignment of MITRE ATT&CK classifications. With the newly redesigned assignment layout, complete with collapsible tactics, techniques, and sub-techniques, along with distinguishable labels, assigning classifications is now faster and more precise. This empowers CTI analysts to confidently store ATT&CK-mapped intelligence in the platform and provide defensive recommendations with accuracy.
Improvements under the Hood
Supporting these advancements are foundational improvements that amplify your technical capabilities. We’ve reduced the number of API requests needed for getting related observables with an entity or searching multiple entity fields, delivering faster response times, and removing the need to spend time manually filter retrieved data.
Furthermore, the upgraded Elastic Stack components enhance ingestion performance, ensuring that there is no unnecessary delay in the collection and processing of newly incoming data and CTI analysts spend their time analyzing the latest data.
Want to know more?
For a deeper dive into this release, or to find out how EclecticIQ can strengthen your cyber defenses, please get in touch.