Explore Threat Intelligence Security Center

  • Release version: Yokohama
  • Updated January 30, 2025
    Threat Intelligence Security Center (TISC) enables you to collaborate with threat intelligence teams. It provides capabilities to collect and process various threat intelligence feeds, and a workspace to analyze, collaborate on, act on, and share the necessary information.

    Threat Intelligence Security Center is enhanced with capabilities to manage data collection; data processing such as deduplication, normalization, and aggregation; analysis and dissemination of threat intelligence; and a workspace for administration tasks.

    Key features

    The following key features of Threat Intelligence Security Center (TISC) are explained in detail in later sections:
    • Curated Catalog of OSINT Threat Feeds: Provides access to a broad selection of popular open-source threat intelligence feeds for wide coverage.
    • Premium Feed Integration: Enhances the quality of threat intelligence by integrating premium feeds.
    • Automated Observable Extraction: Automatically identifies and extracts the commonly used observable types from uploaded files, streamlining the threat data ingestion process.
    • Diverse Data Aggregation: Supports multiple data formats including STIX, MISP, JSON, and others, enabling seamless feed consolidation.
    • Enrichment Capabilities & Validation: Provides enrichment and validation capabilities by removing false positives, assigning confidence scores, validating indicators, and adding contextual information to improve data quality.
      The TISC integration capabilities:
      • Enrichment integrations include Threat Lookup, Sighting Search, and Observable Enrichment.
        • Enriches observables with threat intelligence, and performs sighting searches and threat lookups to determine whether an observable is malicious.
        • Supports CrowdStrike Falcon EDR with continuous monitoring and real-time alerting.
      • Security tool integrations for orchestration, such as SIEMs, EDR, and firewalls.
    • Correlation Rules Engine: Automatically establishes relationships between intelligence records, enabling deeper insight into threat patterns.
    • Customizable Threat Scoring: Enables fine-tuning of threat scores for more nuanced and accurate threat assessment.
    • Internal Intelligence integration: Enables integration of internal intelligence sources, including Vulnerability Response (VR), Security Incident Response (SIR), and Configuration Management Database (CMDB).
    • User-Specific Dashboards: Tailors visualizations and data views according to Threat Intelligence personas, improving user experience and relevance.
    • Graphical Visualization Tools: Facilitates understanding of complex threat intelligence data through intuitive graphical visualizations such as relationship graphs and interactive investigation canvases to simplify threat intelligence analysis.
    • Dedicated Analyst Workspace: Provides a dedicated, streamlined Threat Intelligence Analyst workspace that enables threat intelligence analysts to focus on investigation and analysis with minimal distractions.
    • Threat Case Management: Supports investigative workflows with task tracking and case handling.
    • MITRE ATT&CK Integration: Enables users to link case records with MITRE ATT&CK framework data for enhanced kill chain analysis.
    • Seamless SIR Integration: Ensures smooth data migration and interoperability between Security Incident Response and Threat Intelligence Security Center applications.
    • Notification & Alert Rules: Establishes alert triggers to notify teams based on evolving threat intelligence.
    • Data Retention & Cleanup Policies: Enables organizations to define data management rules to maintain application performance and compliance.
    • Reporting & Collaboration: Generates comprehensive status reports and investigation summaries using rich-text editors and customizable templates.
    • Domain Separation for MSSPs: Supports multitenant environments, enabling Managed Security Service Providers (MSSPs) to segregate customer data securely.
    • Extensive API integration: Offers TISC API for seamless connectivity with other security tools and platforms.

    Threat Intelligence Security Center users

    | User | Description |
    | --- | --- |
    | Administrator | Administers and configures the initial setup and ongoing maintenance of the Threat Intelligence Security Center, including configuring data sources and managing intelligence settings. |
    | Analyst | Threat Intelligence Analysts are responsible for conducting analysis and research tasks requested by the team. They can import ad hoc intelligence to support their work and use the system’s tools for analysis, collaboration, and managing the intelligence library. |