Threat Intelligence Security Center release notes

  • Release version: Washingtondc
  • Updated June 20, 2024
  • 2 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Threat Intelligence Security Center Release Notes

    The ServiceNow® Threat Intelligence Security Center (TISC) application, introduced in the Washington DC release, connects security and IT teams to enhance threat response efficiency. It facilitates the organization and management of threat intelligence through comprehensive data collection, processing, and aggregation.

    Show full answer Show less

    Key Features

    • Threat Data Collection: Assists Cyber Threat Intelligence (CTI) teams in managing intelligence from various sources.
    • Threat Hunting: Enables analysts to search for threats utilizing curated intelligence and the MITRE Kill Chain Framework.
    • Threat Investigation: Utilizes Case Management for creating and tracking investigations.
    • Dashboards: Provides prioritized threat scores for defense strategies.
    • Threat Intelligence Feeds: Integrates premium feeds to enhance threat intelligence quality.
    • TISC Enrichment Integrations: Removes false positives and adds contextual information.
    • Administration Module: Allows customization of threat score calculations and correlation rules for observables.
    • Seamless Integration: Connects with SIR for data migration between Threat Intelligence and TISC.
    • Threat Analyst Workbench: Facilitates case creation and tracking for investigations and analysis activities.

    Key Outcomes

    By implementing the Threat Intelligence Security Center, organizations can expect improved collaboration between security and IT teams, enhanced threat response capabilities, and a structured approach to threat hunting and investigation. The application is available for installation via the ServiceNow Store, enabling users to access and utilize its features effectively.

    The ServiceNow® Threat Intelligence Security Center (TISC) application helps your organization connect security and IT teams, respond faster and efficiently to threats. TISC is a new application in the Washington DC release.

    Threat Intelligence Security Center highlights for the Washington DC release

    • Threat data collection and curation by assisting the Cyber Threat Intelligence (CTI) teams in organizing and managing threat intelligence gathered from various sources through the collection, processing, and aggregation of data.​
    • Threat hunting helps analysts in searching for threats using curated intelligence and the MITRE Kill Chain Framework.​
    • Threat Analysts have the ability to conduct research on threats, supporting the reactive and proactive needs of security teams.​
    • The Cyber Threat Intelligence teams can utilize the dashboards and assigned threat scores to prioritize the development of defenses against critical threats.​
    • Threat investigation helps the teams to create and track threat investigations using the Case Management feature.​

    See Threat Intelligence Security Center for more information.

    Important:
    Threat Intelligence Security Center is available in the ServiceNow Store. For details, see the "Activation information" section of these release notes.

    Threat Intelligence Security Center features

    View Threat Intelligence Security Center Homepage
    Threat Intelligence Security Center homepage provides the data visualization to the threat intelligence.
    Threat Intelligence Security Center Catalog
    The catalog provides a curated list of Threat Intelligence feeds and enrichment integrations by enabling them after adding the required information, and also schedule the feeds
    Threat Intelligence Feeds
    Ability that provides the integration of premium feeds to enhance threat intelligence.
    TISC Enrichment Integrations
    Enrichment capabilities, for the removal of false positives, confidence/scoring of indicators, validation of indicators, and the addition of contextual information.
    Administration
    The Administration module enables the users to define correlation rules for establishing relationships between observables. Customize threat score calculator for nuanced threat assessment and also the integration of internal intelligence encompassing VR, SIR, Assets, Services, and CMDB.
    TISC integration with SIR Workspace
    Seamless integration with SIR and data migration capabilities from Threat Intelligence to Threat Intelligence Security Center.
    Threat Intelligence Security Center Library
    Threat Analyst library is a dedicated Threat Intel Analyst Workspace for streamlined operations.
    Threat Analyst Workbench
    Ability to create cases or case tasks using Threat Analyst Workbench to create and track the threat investigations and analysis activities.

    Activation information

    Install Threat Intelligence Security Center by requesting it from the ServiceNow Store. Visit the ServiceNow Store website to view all the available apps and for information about submitting requests to the store. For cumulative release notes information for all released apps, see the ServiceNow Store version history release notes.

    Related ServiceNow applications and features

    Vulnerability Response
    Vulnerability Response is part of the Security Operations application suite. Together, these applications connect security to your IT department, increase the speed and efficiency of your response, and give you a definitive view of your security posture.
    Threat Intelligence
    The ServiceNow® Threat Intelligence application enables you to find indicators of compromise (IoC) and enrich security incidents with threat intelligence data.
    Security Operations common functionality
    When any of the plugins for the main Security Operations applications (Security Incident Response, Vulnerability Response, Threat Intelligence, or Configuration Compliance) are activated, the Security Support Common plugin is activated.