Platform 2.9 is out!

Mark Huijnen
December 21, 2020

Today we are releasing the 3rd and final release of EclecticIQ Platform in 2020. What makes this release so special is that it touches nearly every aspect of the platform – you are now even able to access new feeds with it.

To find out in detail how this release enhances our threat intelligence platform (TIP), please watch the following quick tour video from the team, or continue reading to discover the main highlights of this release.

Walk-through video of EclecticIQ Platform 2.9 features

More robust ingestion

At the beginning of this year, we set out on an ambitious journey to overhaul the ingestion capability of our threat intelligence platform. We wanted to significantly boost the ingestion performance, without compromising the fidelity of the threat data or scalability of the system. As we come close to the end of the year we can proudly say that EclecticIQ Platform 2.9 will now meet the most demanding ingestion requirements – both hosted, and on-prem.

The last step in this development effort was bolting the revamped ingestion engine on top of quuz, our new task manager that we introduced in release 2.7. This ensures that the workload is more evenly distributed across ingestion workers and threat data gets processed faster. But when a machine or task unexpectedly gets interrupted, quuz can now also pick up the ingestion process precisely where it left off when service is restored. 

Better monitoring of incoming data

EclecticIQ Platform 2.9 also lets system administrators tap into quuz using their preferred 3rd party tool and keep a sharper eye on all the incoming threat data. The platform now shares real-time metrics via its API to monitor the size of the various ingestion queues, as well as the total number of incoming packages that are pending ingestion. This way system administrators can assess how to effectively and conveniently scale their infrastructure, depending on the incoming load. 

Stay tuned for a white paper that we will publish shortly, explaining why the ingestion engine is such a critical component of TIP and how organizations can benefit from choosing a TIP with deep and scalable ingestion capabilities.

On track for STIX 2.1 and TAXII 2.1 interoperability

With the previous release we kicked off a new development track that will deliver full interoperability with the latest STIX and TAXII standards for intelligence exchange. EclecticIQ Platform 2.9 now lets our customers both ingest and share Indicators and Observed Data in STIX 2.1 format, either by directly exporting the data from the UI or by pushing it out over TAXII 2.1.

These objects are prescribed by the governing body OASIS as part of their STIX 2 Preferred certification program. By following this program, we ensure that EclecticIQ Platform can reliably exchange threat data with the growing number of intelligence providers and security controls that are implementing support for these standards.

Enhanced usability

Besides the under-the-hood improvements as mentioned above, release 2.9 offers numerous changes to the UI that make it easier to use the platform. In fact, this is the fourth consecutive release adding new functionality to the search interface, aimed at arming analysts with a tool that is powerful as well as easy to use.

Analysts can now preview the number of matching results while building a search query. This way they can build search queries that deliver the level of granularity they desire faster, without having to first submit their query to find out.

Platform 2.9 More efficient search UI part 1

When analysts do submit a search query, it is now possible to choose and reorder the columns that display the result. This allows the creation of a comprehensive view for all resulting entities directly at once, without having to open and close numerous individual entity detail panes. This function is available in all search results for entities, observables, discovery, exposure, and dataset entities.

Platform 2.9 More efficient search UI part 2

Finally, the user interface to upload new files to Platform has been completely redesigned. Analysts can now simply drop multiple files of different content types into their browser and upload the files in one go to the platform. The new design also makes it easier to keep track of the status of the uploads, making the entire process much more intuitive.

Platform 2.9 Redesigned File Upload

New Curated Threat Data Feeds 

The biggest change that accompanies this update is a completely new Intelligence offering, created by our in-house team of threat intelligence analysts. EclecticIQ Platform 2.9 now comes preconfigured with two brand-new EclecticIQ Intelligence Feeds, curated for primary threats and optimized for CTI operations. The Open Sources Feed comes bundled with the platform for free; the Commercial Sources Feed is a cost-effective add-on augmenting your threat landscape visibility.

For more information on these new feeds please visit this page.

Always upgrade to the latest version of the platform

For some of our customers it’s challenging to keep up with the frequency of our releases. Their IT teams work with fixed maintenance windows for upgrading their applications. Miss a window and at the next opportunity they will have to perform not one but two upgrades.

These IT teams will be glad to hear that EclecticIQ Platform now no longer needs to be upgraded sequentially. This means that you can skip intermediate minor and maintenance releases and upgrade directly to the last released version. This saves time and effort and delivers all the cumulative benefits and improvements in one go.

Easily share reports with stakeholders

Finally, analysts can now select any report entity and export all the content to a nicely styled PDF file. This makes reports easy to share and to read across devices and operating systems.

Platform 2.9 Exporting Reports as PDF

Want to learn more?

If you would like to learn more about this release, or find out how EclecticIQ can strengthen your cyber defenses, please get in touch.