Consolidated page of all release notes for Threat Intelligence Security Center from Zurich to Australia.
How to use this page
To help you prepare for your upgrade, we have combined the cross-family Threat Intelligence Security Center release notes onto one page. Read this summary of the new features, changes, and updated information for your product from Zurich to Australia.
Tip: If there were no updates for a release notes section in a certain family release, we included a short note for your reference. For example, if a product did not have any updates in Tokyo, the row says "No updates for this release."
Important information for upgrading Threat Intelligence Security Center to Australia
Before you upgrade to Australia, review these pre- and post-upgrade tasks and complete the tasks as needed.
| Release |
Release notes |
Zurich |
No updates for this release. |
Australia |
No updates for this release. |
New features
Between your current release family and Australia, new features were introduced for Threat Intelligence Security Center.
| Release |
Release notes |
Zurich |
- Configure Threat Intelligence External Sharing
- Take advantage of external sharing for secure, automated, and on-demand dissemination of threat intelligence using STIX 2.1 and MISP formats. Supports sharing across external agencies (CISA, ISAC), integrations (SIEMs,
EDRs), TAXII-based TISC instances, and inbound intelligence from external entities.
- About Report Templates in TISC
- Generate reports outside case management using base templates through a new reporting section in the Threat Intelligence Library.
- Configure custom MISP API feed
- Import events, attributes, and objects from the MISP server into the Threat Intelligence Library.
- Configure Custom Event Types for Timeline and Using Timeline in Investigation Canvas
- Define, visualize, and manage timeline events associated with nodes through the Investigation Canvas.
- Configuring TISC add-on in Splunk
- Include optional attributes during configuration that can be stored in the Splunk KV Store.
- Configure custom CrowdStrike feed
- Map CrowdStrike Indicator Malicious confidence to TISC confidence.
- View Threat Intel Feeds
- Map specific source values to required observable fields during import process.
|
Australia |
- Have I Been Pwned integration
- Added support in TISC for Have I been pwned? (HIBP) observable enrichment, enabling analysts to identify whether observables have been exposed in known data breaches instances.
- Configure Tagging Rules in TISC
- Introduced automated tagging of RSS feed records using configurable tagging rules to apply tags and taxonomies.
- Create a CWE record
- Introduced CWEs as related entities with support for relationship linking.
- Create Remediations
- Introduced remediations as related entities with support for relationship linking and added support for managing remediations.
- Create a Product
- Introduced products as related entities with support for relationship linking.
- Create a Vendor to a Vulnerability
- Associated vendors as related entities with support for relationship linking.
- Automated creation of zero day vulnerability
- Automatically generate zero day vulnerability records from flagged RSS feeds with extracted and linked CPE, CWE, and CVE details for enhanced threat analysis. The catalog now includes the RSS feed for Google
Project Zero, enabling real-time detection of emerging threats.
- Create Vulnerability Assessment from a Vulnerability
- Initiate vulnerability assessments directly from identified issues for faster risk evaluation. Sample workflows and flow actions are included to automate the assessment process.
- Create Security Incident from a Vulnerability Record
- Create security incident records directly from detected vulnerabilities to expedite incident response and streamline threat management workflows.
- Enable security incidents for vulnerabilities
- View vulnerabilities and related intelligence in the TISC Context tab of Security Incident Response Workspace, allowing analysts to quickly access risk data during investigations without navigating to separate records.
|
Changes
Between your current release family and Australia, some changes were made to existing Threat Intelligence Security Center features.
| Release |
Release notes |
Zurich |
|
Australia |
- MITRE ATT&CK Technique Extraction Rules and View extracted MITRE ATT&CK Techniques
- Enabled MITRE-ATT&CK extraction rules for RSS feed to map and associate MITRE-ATT&CK techniques.
- View RSS Feeds
- Enhanced the RSS feed schema and parsers to support additional fields, including tags, taxonomies, status, and expiration time.
- Export intelligence data, Sharing of Outbound Intelligence Records from GUI, and Add to TAXII Collections from Library List View
- Enhanced STIX 2.1 export to include Traffic Light Protocol (TLP) definitions applied to intelligence objects as TLP 2.0 marking definition objects. For more information, see Marking Definition.
- System properties for TISC Reports
- The system property
sn_sec_tisc.reporting.email_template_sn_sec_tisc_case is no longer supported in TISC. It has been renamed to sn_sec_tisc.default_report_email_template, effective with the latest release.
- Configure custom MISP API feed
- Enhanced MISP API feed ingestion to handle events when the published timestamp is greater than the modified timestamp.
- Define Vulnerability and Access the Vulnerability Entities
- Enhanced the vulnerability schema to support additional vulnerability intelligence fields related to CVSS scoring, exploit details, and remediation information.
|
Removed
Between your current release family and Australia, some Threat Intelligence Security Center features or functionality were removed.
| Release |
Release notes |
Zurich |
No updates for this release. |
Australia |
No updates for this release. |
Deprecations
Between your current release family and Australia, some Threat Intelligence Security Center features or functionality were deprecated.
| Release |
Release notes |
Zurich |
No updates for this release. |
Australia |
No updates for this release. |
Activation information
Review information on how to activate Threat Intelligence Security Center.
Additional requirements
If any additional requirements were introduced or changed for Threat Intelligence Security Center we have noted them here.
| Release |
Release notes |
Zurich |
No updates for this release. |
Australia |
No updates for this release. |
Browser requirements
If any specific browser requirements were introduced or changed for Threat Intelligence Security Center we have noted them here.
| Release |
Release notes |
Zurich |
No updates for this release. |
Australia |
No updates for this release. |
Accessibility information
Review details on accessibility information for Threat Intelligence Security Center, such as specific requirements or compliance levels.
| Release |
Release notes |
Zurich |
|
Australia |
No updates for this release. |
Localization information
If there are specific localization considerations for Threat Intelligence Security Center we have noted them here.
| Release |
Release notes |
Zurich |
No updates for this release. |
Australia |
No updates for this release. |
Highlight information
If there are specific highlight considerations for Threat Intelligence Security Center we have noted them here.
| Release |
Release notes |
Zurich |
- External sharing is now generally available, allowing secure and automated sharing of threat intelligence in STIX 2.1 and MISP formats.
- Redesigned the Investigation Canvas with activity timelines, added internal intelligence, improved node design and interactions, enhanced related records to retrieve all the associated records, and upgraded the MITRE card with
filter capabilities for a smoother experience.
- Introduced the ability to import events directly from the MISP server.
- Implemented a unified mapping experience for the text based feeds such as TEXT, CSV, and JSON import formats.
- Implemented confidence mapping for the CrowdStrike (CS) Feed as part of additional settings. You can now map the malicious confidence levels of CrowdStrike indicators to the observable confidence values.
See Threat Intelligence Security Center for more information.
|
Australia |
- Introduced observable enrichment through the Have I been pwned? integration, enabling analysts to determine whether email address and domain observables appear in known data breaches and review associated breach metadata.
- Enhanced the vulnerability schema to support additional intelligence fields such as CVSS scoring, exploit details, and remediation information and RSS feed processing with support for additional fields such as tags,
taxonomies, and expiration time, and enabled linking RSS feed to related artifacts.
- Added support for managing vulnerability intelligence in the Threat Intelligence Library, including related products, vendors, CWEs, and associated remediations, identifiers, attributes, and vendor comments.
- Added automated tagging and MITRE-ATT&CK extraction rules to apply tags, taxonomies, and associate relevant techniques. Added automated cleanup of duplicate source records generated during the aggregation process.
- Added automated zero day vulnerability detection from RSS feeds with enhanced correlation, streamlined Security Incident Response workflows, and integrated intelligence context in Security Incident to support faster threat analysis.
See Threat Intelligence Security Center for more information.
|