This release brings many improvements to the alert contextualization process and to threat descriptions, for better insight into the threats your assets are facing.
Faster and more reliable indexing of our Cyber Threat Intelligence indicators
inThreat is Sekoia’s Cyber Threat Intelligence (CTI) solution. One of its missions is to provide a knowledge base related to cybercrime and cyberthreats, fed by our collectors and by our users. To ensure the best operational capacity for this database, we perform a complete and structured indexing of all of the observations collected. Such an operation is expensive, so to ensure the best user experience we implemented asynchronous indexing of the collected CTI observations, as proposed in the TAXII v2 standard.
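The asynchronous pattern mentioned above is the TAXII 2.1 status resource: a POST to a collection's objects endpoint is accepted immediately with a status of "pending", and the client polls the status endpoint until it reports "complete". The in-memory model below is an added illustration of that exchange, not Sekoia's or inThreat's code; the class name, the minimal validity check and the sample objects are assumptions made for the example.

```python
import uuid
from datetime import datetime, timezone

# Hypothetical in-memory model of TAXII 2.1 asynchronous ingestion (not inThreat's code).
class AsyncCollection:
    def __init__(self):
        self.objects = {}    # indexed STIX objects, keyed by id
        self.statuses = {}   # status resources, keyed by status id
        self.queue = {}      # status id -> objects still waiting to be indexed

    def add_objects(self, envelope):
        """POST .../objects/: accept the envelope now, index later, return a status resource."""
        objs = envelope.get("objects", [])
        status_id = str(uuid.uuid4())
        self.statuses[status_id] = {
            "id": status_id,
            "status": "pending",
            "request_timestamp": datetime.now(timezone.utc).isoformat(),
            "total_count": len(objs),
            "success_count": 0, "failure_count": 0, "pending_count": len(objs),
            "successes": [], "failures": [], "pendings": [{"id": o.get("id")} for o in objs],
        }
        self.queue[status_id] = list(objs)
        return self.statuses[status_id]

    def index_pending(self, status_id, batch=None):
        """Background worker step: index up to `batch` queued objects for one request."""
        st = self.statuses[status_id]
        work = self.queue[status_id]
        n = len(work) if batch is None else min(batch, len(work))
        for obj in work[:n]:
            # Minimal validity check (assumed): STIX ids must be "<type>--<uuid>".
            if "id" in obj and "type" in obj and obj["id"].startswith(obj["type"] + "--"):
                self.objects[obj["id"]] = obj
                st["successes"].append({"id": obj["id"]})
                st["success_count"] += 1
            else:
                st["failures"].append({"id": obj.get("id"), "message": "malformed STIX object"})
                st["failure_count"] += 1
        del work[:n]
        st["pendings"] = [{"id": o.get("id")} for o in work]
        st["pending_count"] = len(work)
        st["status"] = "pending" if work else "complete"
        return st

    def get_status(self, status_id):
        """GET .../status/{id}/: the client polls this until status is "complete"."""
        return self.statuses[status_id]
```

A real worker would run index_pending on a queue consumer; here it is called explicitly so the pending and complete states can be observed.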
Improved threat descriptions of our CTI indicators
Our Cyber Threat Intelligence knowledge base is used, amongst others, by SIC, the detection solution implemented on SEKOIA.IO. To ease the understanding of our indicators by all of our users, we have improved the descriptions related to malware, threat-related tools and attack patterns. This lets end users understand precisely the impact of an alert. Enhanced descriptions are well formatted, free of technical jargon and contextualized with information regarding their provenance.
Detection rules applied to multiple entities
SIC security engines rely on user-defined detection rules that apply to a given set of supervised entities. To simplify the day-to-day work of SIC operators, this release enables the creation of detection rules that easily apply to multiple entities. This new feature drastically reduces the effort required to create and maintain a fine-grained detection strategy.
New “rule statistics” page in the SIC frontend
Recently, SIC introduced statistics about detection rules. A new page that leverages these metrics was designed to help SIC operators improve their detection ruleset. Among other things, this page introduces a detailed graph that shows how the number of alerts evolves over a period of time and whether the rule raised high-urgency alerts.
New backup monitoring system
Backups are a critical part of our infrastructure: they must provide a way to quickly recover from any crash and to retrieve erroneously removed data. To strengthen the confidence we have in our database-level backups, a new monitoring mechanism was developed from scratch. This monitoring notifies our operational teams if one of our backup jobs fails to run, so they can intervene and dramatically reduce the risk of data loss.
If you have any concerns, feel free to contact us at email@example.com.