What's new in TISC? 2024 August and 2024 November Store release updates.
We've been busy! There have been lots of exciting developments in TISC over the past two store releases. Read on to learn more.
Check out this post if you missed our previous update: Threat Intelligence Security Center (TISC) is generally available now!
Key Highlights
- Interactive Investigation Canvas: The Interactive Investigation Canvas is a graphical tool within TISC designed for in-depth, interactive case analysis. It features MITRE ATT&CK cards within the canvas for each case, which can also be accessed on demand from the artifacts section. The visual and interactive investigation environment helps analysts observe the connections and relationships between IOCs, entities, and tactics in real time. This feature gives analysts detailed insight, simplifying complex threat scenarios and improving response times through an intuitive visual interface.
- Integration with Palo Alto Networks Firewall: This integration allows users to manage External Dynamic Lists (EDLs) directly from TISC, updating firewall block lists with the latest intelligence. Centralizing EDL management in TISC streamlines threat-blocking rules and eliminates manual updates across platforms. Users gain improved control over firewall configurations for faster, automated threat blocking, enhancing proactive defences.
- Integration with CrowdStrike Falcon EDR: TISC integrates with CrowdStrike Falcon EDR to facilitate continuous monitoring and provide real-time alerts based on TISC intelligence. This integration enables rapid detection and investigation of potential threats on endpoints by utilizing TISC's comprehensive threat data. It reduces response time by delivering alerts directly to Falcon EDR, thereby enhancing the user's capability to identify and address endpoint threats promptly as they emerge.
- Sample Automation Flows: TISC offers pre-built automation flows that can be tailored to automate threat sweeps and repetitive tasks for analysts. Automating routine processes reduces manual workload and accelerates workflows, allowing analysts to concentrate on more complex tasks. These flows enhance efficiency by reducing operational overhead and ensuring consistent, repeatable workflows for threat management.
- Automated MITRE Technique Extraction and Rollup: TISC now automatically extracts MITRE techniques from ingested intelligence and lookup results, associates these techniques with observables, indicators, and entities, and can automatically aggregate them at the case level. Automated extraction maps all intelligence to the MITRE framework, enabling users to understand adversary behavior and tactics without manual mapping. This feature reduces the time analysts spend and adds actionable insight to threat data, supporting strategic analysis and aligning with industry-standard threat categorization.
- Data Migration Utility: The Data Migration Utility facilitates the transfer of cases, observables, entities, and indicators from SIR Threat Intelligence to TISC. Migrating large datasets between systems can be challenging; this tool reduces the risk of data loss and minimizes manual effort. The utility helps users transition to TISC, making it easier to adopt and integrate TISC into existing workflows without data disruption.
- Enhanced Integration with SIR: TISC now integrates more seamlessly with SIR by supporting threat score calculations that include security incident criteria from SIR. The TISC context tab in the SIR workspace provides relevant threat information for selected observables, with new actions to add incidents and observables to TISC cases. This closer integration increases the contextual information available during security incident response and aligns TISC and SIR workflows. Users can now track and score incidents in a single location, with TISC's intelligence contributing to SIR incident analysis.
- Granular Expiration Policies: TISC now allows expiration policies to be set by IOC type, data source, or both. Automated IOC expiration keeps intelligence current by retiring outdated IOCs. This feature helps maintain the platform's data hygiene and relevance, so users can focus on actionable intelligence.
- Webhook Support: TISC now offers webhook support for real-time, trigger-based notifications, keeping users updated on critical events or changes. This feature helps teams stay synchronized and responsive in threat management.
- Help Center: The Help Center is a user-friendly resource for feature documentation and guidance. It enables users to quickly learn features, troubleshoot issues, and fully utilize the platform independently, enhancing their experience and promoting quick adoption.
- Other minor feature enhancements include an upgraded UI and interactive Relationship Visualizer, bi-directional APIs for both observable fetching and creation, and bulk upload support for taxonomy values. These enhancements aim to give users a more efficient experience.
TISC, developed on the ServiceNow platform, possesses the ability to leverage numerous core capabilities beyond its intrinsic features, utilizing the platform's extensive ecosystem for enhanced functionality. By capitalizing on ServiceNow's expansive marketplace of pre-built integrations and extensions, TISC can effortlessly integrate with third-party systems, broaden its capabilities, and provide comprehensive solutions tailored to meet diverse business requirements. Additionally, by adopting ServiceNow's continuous updates and advancements in fields such as artificial intelligence, machine learning, and predictive analytics, TISC can maintain a leading edge in innovation, delivering increased value to users while remaining agile and adaptable in an ever-evolving digital environment.
Key capabilities:
- Curated catalog of popular OSINT threat feed sources.
- Integration of premium feeds to enhance threat intelligence.
- Capability to automatically identify and extract all observables from uploaded files.
- Granular expiration policies.
- Data aggregation from diverse feeds, including STIX, MISP, JSON and more.
- Enrichment capabilities for the removal of false positives, confidence scoring of indicators, validation of indicators, and the addition of contextual information.
- Correlation rules for automatically establishing relationships between observables.
- Customizable threat score calculator for nuanced threat assessment.
- Integration of internal intelligence encompassing VR, SIR, Assets, Services, and CMDB.
- User-specific dashboards tailored for Threat Intel personas.
- Graphical visualization tools for comprehending Threat Intel data.
- Dedicated Threat Intel Analyst Workspace for streamlined operations.
- Threat hunting with case/task management functionalities and the interactive investigation canvas.
- Automated MITRE ATT&CK technique extraction and rollup.
- Seamless integration with SIR and smooth data migration from Threat Intelligence within SIR to the Threat Intelligence Security Center.
- Notification rules to trigger alerts based on threat intelligence.
- Data retention and cleanup policies.
- Generation and sharing of status reports and investigation summaries using the Case reports rich text editor and customizable report templates.
- Domain separation support for MSSP use cases.
- Integration with security tools using the TISC API.
- Point integrations with security tools and sample flows for automated actions.
- Webhook support for real-time, trigger-based notifications.
- Data migration utility for migration from the SIR Threat Intelligence module to TISC.
Find more details about each feature in our product documentation.
Important Links:
- Link to the app on store: Threat Intelligence Security Center
- Link to the documentation: TISC Product documentation
Want to know more about the product?
If you are interested in having a 1:1 conversation and would like to see a demo of this product, you can reach out to your ServiceNow Account Executive or Sales Representative, or simply comment on this post.