Anomali May Quarterly Product Release
Anomali continues to innovate with our intelligence-driven solutions. We’re pleased to announce our May Quarterly release, which adds direct integrations and enhancements to The Anomali Platform, our cloud XDR solution, so that our customers can take full advantage of its detection capabilities.
Key Highlights for this Quarter Include:
- Expanding Cloud XDR support with New Direct Telemetry Sources
- Enhanced Dashboards for The Anomali Platform
- Extended TAXII 2.1 client support for sharing indicators
- Granular Dashboard Management in ThreatStream
- Health Status Notifications for Threat Intelligence Feeds
- Unified Filtering Language across ThreatStream and Integrator
Direct Integrations with Key Endpoint Partners
With this quarterly release, we continue to leverage the power of cloud-to-cloud modern telemetry. We have expanded support for direct integrations with key endpoint vendors, including Microsoft Defender, CrowdStrike, Carbon Black and Amazon Web Services Virtual Private Network.
Users can set up these and many other log sources quickly using the settings interface in The Anomali Platform. The Platform provides a default data mapping from the log source to our XDR schema, which can be easily updated to optimize threat detection.
Screenshot – How a user would map their log source data to the Cloud XDR schema to optimize correlation efficiency.
Enhanced Dashboards
This release also introduces key dashboards that provide multi-dimensional views using our advanced search to provide an instant snapshot of your environment. New dashboards include:
- Multi-Dimensional View: presents a number of visualizations showing the occurrence of IOC matches over time, whether by Source Host, Indicator, iType, Severity, Confidence, and more.
- Match Analysis View: provides analytics about the threat intelligence feeds, indicator types, indicators, and DGA domains that match events in your network, such as Matches Over Time, Matches by iType, Matches by Indicator, and Matches by DGA.
You can also schedule and distribute reports based on these dashboards to decision-makers who do not regularly access the Platform, providing key insights and snapshots to executives and key stakeholders.
Screenshot: Enhanced Dashboard Example.
Extended TAXII 2.1 client support for sharing indicators
Trusted Automated Exchange of Intelligence Information (TAXII™) is an application protocol for exchanging intelligence over HTTPS. ThreatStream hosts a TAXII server instance that enables the sharing of observables with external applications, enabling out-of-the-box integration with security controls and other threat intelligence-consuming products.
We’ve updated our ThreatStream TAXII client to ensure that any applications or products attempting to gather indicators using a TAXII 2.1 client will be able to receive intelligence without any issues.
Easy configuration of new TAXII 2.x sites allows for out-of-the-box integration with intelligence providers running TAXII 2.x servers. Customers are also able to choose between TAXII 1.1, 2.0, and 2.1 when configuring a new site for IoC collection.
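As an added illustration of what a TAXII 2.1 client does to gather indicators from a collection (example code written for this page, not Anomali's ThreatStream client), this Python walks a collection's objects endpoint page by page using the envelope's `more` and `next` fields, narrows the request with the spec's `match[type]` and `added_after` parameters, and keeps only indicators that carry a STIX pattern. The server URL, credentials and sample envelopes are constructed placeholders.

```python
import base64
import json
from urllib.parse import urlencode
from urllib.request import Request, urlopen

# Media type a TAXII 2.1 server expects in the Accept header.
TAXII_MEDIA_TYPE = "application/taxii+json;version=2.1"

# Constructed sample envelopes standing in for two pages of a collection's objects endpoint.
SAMPLE_PAGES = {
    None: {"more": True, "next": "page-2", "objects": [
        {"type": "indicator", "id": "indicator--11111111-1111-4111-8111-111111111111",
         "pattern": "[domain-name:value = 'bad.example']", "pattern_type": "stix"},
        {"type": "identity", "id": "identity--22222222-2222-4222-8222-222222222222",
         "name": "Sample Provider"}]},
    "page-2": {"more": False, "objects": [
        {"type": "indicator", "id": "indicator--33333333-3333-4333-8333-333333333333",
         "pattern": "[ipv4-addr:value = '203.0.113.7']", "pattern_type": "stix"},
        {"type": "indicator", "id": "indicator--44444444-4444-4444-8444-444444444444",
         "pattern": "alert tcp any any -> any 80 (msg:\"sample\"; sid:1;)", "pattern_type": "snort"}]},
}

def http_fetch(objects_url, params, user, password):
    """Live transport: GET the objects endpoint with the TAXII 2.1 Accept header and HTTP Basic auth."""
    cred = base64.b64encode(f"{user}:{password}".encode()).decode()
    req = Request(objects_url + "?" + urlencode(params),
                  headers={"Accept": TAXII_MEDIA_TYPE, "Authorization": "Basic " + cred})
    with urlopen(req, timeout=30) as resp:
        return json.load(resp)

def sample_fetch(objects_url, params, user, password):
    return SAMPLE_PAGES[params.get("next")]  # offline transport keyed by the 'next' cursor sent

def parse_envelope(envelope):
    """Return the indicator objects in one envelope and the cursor for the next page (None when done)."""
    indicators = [o for o in envelope.get("objects", []) if o.get("type") == "indicator"]
    cursor = envelope.get("next") if envelope.get("more") else None
    return indicators, cursor

def collect_stix_patterns(objects_url, user, password, added_after=None, fetch=http_fetch, max_pages=100):
    """Walk every page of a collection; return (id, pattern) for indicators carrying a STIX pattern."""
    base = {"match[type]": "indicator", **({"added_after": added_after} if added_after else {})}
    found, cursor = [], None
    for _ in range(max_pages):  # hard cap so a server that keeps answering more=true cannot loop forever
        params = dict(base, **({"next": cursor} if cursor else {}))
        indicators, cursor = parse_envelope(fetch(objects_url, params, user, password))
        found.extend((i["id"], i["pattern"]) for i in indicators if i.get("pattern_type") == "stix")
        if cursor is None:
            break
    return found
```

Calling `collect_stix_patterns(url, user, password, fetch=sample_fetch)` runs the walk offline against the constructed pages; dropping the `fetch` argument uses the live HTTP transport.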
Full Granular Dashboard Management in ThreatStream
Dashboards provide quick snapshots into relevant data for users to keep tabs on what’s going on in their environment.
Now, ThreatStream customers can granularly manage their dashboards to further customize their experience and view what’s relevant to them. Users can:
- Toggle default dashboards on and off
- Create up to 10 custom visible dashboards, and choose these from a library of dashboards maintained in ThreatStream
- Drag and drop to edit the dashboard order and specify the user’s default dashboard
Dashboards can be drawn from a library created by / visible to the user. Customers will still have access to Custom and ATR-themed dashboards.
Screenshot: Highlighting where a user could easily add or remove a custom dashboard from their own dashboard view. Users can add up to 10 Custom Dashboards in addition to those standard dashboards.
Health Status Notifications for Threat Intelligence Feeds
It’s essential to ensure your team has the right intelligence at the right time. With this release, we’ve added health status notifications for threat intelligence feeds, enabling organizations to quickly identify issues with their active intelligence feeds from the Anomali APP Store. Customers can see at a glance whether a particular intelligence provider is having issues and engage our teams to assist if necessary.
When opening the details of an active Feed within the APP Store, users will now see the Health Status, Last Event time, and the Interval between intelligence syncs for that feed.
We’ve also provided a color-coded line series for each feed or feed channel to indicate the Health History over the last thirty days. You can hover over each line to find out the status of requests and the error rate for that day.
Screenshot: The Health status of some Open Source intelligence curated by Anomali – showing health history over the last 30 days.
Unified Filtering Language across ThreatStream and Integrator
Integrator is pivotal in operationalizing your intelligence from ThreatStream to your security stack. Integrator 8.0 now supports Intel API v2 and will provide a Unified Filter Language with ThreatStream’s advanced search, allowing you to use the same filters across both ThreatStream and Integrator to retrieve the same dataset.
Content Worth Reading
Anomali recently launched a new ebook series in which we get feedback on certain industry topics from CISOs and other security practitioners. If you haven’t checked it out already, download our ebook: Seven Cybersecurity Experts on Extended Detection and Response (XDR), to learn how XDR can help your organization.
Until next quarter. Please reach out to your Customer Success Manager with any questions. Have a great Summer!