
Ingest Threat Data Faster Than Ever Before with Platform 2.8

Mark Huijnen
August 6, 2020

The new version of EclecticIQ Platform is out. Release 2.8 marks another milestone on our path to building a truly analyst-centric cyber threat intelligence platform.

Most notably, our latest release brings significant performance improvements to the platform’s ingestion capability. As a result, the platform performs all automatic processing of incoming intelligence faster than ever before. Best of all, now you can boost the platform’s capacity by simply adding more processes. So, no matter how much your hunger for threat data grows, EclecticIQ Platform is up to the task.

But increased raw ingestion speed and scalability is not all Platform 2.8 has to offer. Once again, we’ve significantly improved the overall analyst experience. These changes help CTI analysts create, manage or view intelligence more easily. In addition, building advanced queries using the platform’s powerful search engine just became a lot more user-friendly.

Finally, as avid contributors to the development of the OASIS STIX and TAXII standards for sharing cyber threat intelligence, we are happy to join the growing number of intelligence providers and security controls that support STIX 2.1 and TAXII 2.1. As a first step, EclecticIQ Platform 2.8 lets users ingest IOCs in STIX 2.1 format. More importantly, it marks the beginning of a new product development track toward full interoperability with the latest OASIS STIX and TAXII standards.

To find out about the features and improvements that Platform 2.8 brings, please watch the following tour video or continue reading to discover the main highlights of this release.

Walk-through video of EclecticIQ Platform 2.8 features

A faster and scalable way of ingesting

Platform 2.7 improved the ingestion capability by making sure the ingestion workers divide their time more fairly among feeds. With release 2.8, we are fundamentally changing the way the platform processes all incoming threat data.

The platform previously cut incoming intelligence feeds into large packages containing multiple, often interconnected entities. Those packages then all needed to be ingested before the platform could proceed with the next batch of packages, resulting in unnecessary idle time and, in some cases, clogging up the entire pipeline.

Now the platform parses incoming intelligence feeds down to entity level and then ingests those individual entities in parallel. This gives users a direct increase in ingestion performance. But more importantly, this allows you to simply boost capacity by adding more processes whenever the need arises.

Building search queries more easily

After introducing search history in release 2.6 and search autocomplete in release 2.7, we have further expanded our search functionality with a new multiline editor available in all search boxes across the platform, giving analysts a powerful and easy-to-use tool.

Analysts are no longer restricted to viewing their query on a single line, but can design complex search queries across multiple lines, allowing them to better follow the entire story of a query. The platform also validates the syntax as you type and highlights errors by showing them in a different color. This saves analysts time, frustration and a headache or two.

Platform 2.8 Search Query Validation and Editing

A first step towards STIX 2.1 and TAXII 2.1 interoperability

Finally, a word about standards. EclecticIQ has been a proud member of OASIS since 2016 and an active contributor to its development of standards for sharing cyber threat intelligence: STIX and TAXII. Although STIX is at the foundation of the internal data model EclecticIQ Platform uses, we have not rushed into supporting STIX 2.

EclecticIQ Platform 2.8 marks the beginning of a new product development track toward full interoperability with the latest OASIS STIX and TAXII standards. In this first stage, you can ingest IOCs in STIX 2.1 format through manual upload or incoming feeds. Naturally, these IOCs are transported over TAXII 2, which, like TAXII 1, allows auto-discovery.

In the near future, the platform will also enable sharing of STIX 2.1 indicators, and we will keep adding support for more STIX 2.1 objects until the platform is fully interoperable.
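As an added illustration of the two changes described above (parsing feeds down to entity level for parallel ingestion, and accepting STIX 2.1 indicators), here is a small Python sketch that is not EclecticIQ's code: it splits a constructed STIX 2.1 bundle into individual objects, validates each one independently, and processes them in parallel so that a single malformed indicator is rejected without stalling the rest of the batch. The sample bundle, the field checks and the function names are assumptions made for this example, not the platform's API.

```python
import json
from concurrent.futures import ThreadPoolExecutor

T = "2020-08-06T00:00:00.000Z"  # constructed timestamp used by every sample object
def _indicator(uuid, **extra):
    # Constructed STIX 2.1 indicator; mandatory fields may be left out via **extra.
    obj = {"type": "indicator", "spec_version": "2.1", "id": "indicator--" + uuid,
           "created": T, "modified": T, "pattern_type": "stix", "valid_from": T}
    obj.update(extra)
    return obj

# Constructed sample bundle: two well-formed indicators and one lacking the mandatory "pattern".
SAMPLE_BUNDLE = json.dumps({
    "type": "bundle", "id": "bundle--11111111-1111-4111-8111-111111111111",
    "objects": [
        _indicator("aaaaaaaa-aaaa-4aaa-8aaa-aaaaaaaaaaaa",
                   pattern="[domain-name:value = 'example.invalid']"),
        _indicator("bbbbbbbb-bbbb-4bbb-8bbb-bbbbbbbbbbbb"),  # no pattern: malformed
        _indicator("cccccccc-cccc-4ccc-8ccc-cccccccccccc",
                   pattern="[ipv4-addr:value = '192.0.2.10']"),
    ],
})

COMMON_REQUIRED = ("type", "spec_version", "id", "created", "modified")
INDICATOR_REQUIRED = ("pattern", "pattern_type", "valid_from")

def split_bundle(raw):
    """Parse a bundle down to entity level instead of treating it as one package."""
    doc = json.loads(raw)
    if doc.get("type") != "bundle":
        raise ValueError("not a STIX bundle")
    return list(doc.get("objects", []))

def ingest_entity(obj):
    """Validate one entity on its own; returns (id, status, reason)."""
    oid = obj.get("id", "<missing id>")
    missing = [k for k in COMMON_REQUIRED if k not in obj]
    if obj.get("type") == "indicator":
        missing += [k for k in INDICATOR_REQUIRED if k not in obj]
    if missing:
        return oid, "rejected", "missing " + ",".join(missing)
    if obj["spec_version"] != "2.1":
        return oid, "rejected", "unsupported spec_version"
    return oid, "ingested", ""

def ingest_bundle(raw, workers=4):
    """Ingest entities in parallel; a rejected entity never blocks the others."""
    with ThreadPoolExecutor(max_workers=workers) as pool:
        results = list(pool.map(ingest_entity, split_bundle(raw)))
    return {oid: (status, reason) for oid, status, reason in results}
```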

Want to learn more?

If you would like to learn more about this release, or find out how EclecticIQ can strengthen your cyber defenses, please get in touch.
