Tuesday, July 2, 2024

Anomali May Quarterly Product Release

Anomali continues to innovate with intelligence-driven solutions. We are excited to announce the May Quarterly Release, which adds direct integrations and enhancements to the Anomali Platform and Cloud XDR solutions so customers can get the most out of our detection capabilities.

The main highlights of this quarter are:

  • Extended Cloud XDR support with new direct telemetry sources
  • Enhanced dashboard for the Anomali platform
  • Extended TAXII 2.1 client support for shared indicators
  • ThreatStream’s granular dashboard management
  • Status Alerts for Threat Intelligence Feeds
  • Unified filtering language across ThreatStream and Integrator

Direct integration with major endpoint partners

This quarterly release continues to harness modern, cross-cloud telemetry by expanding direct integrations with major endpoint vendors, including Microsoft Defender, Crowdstrike, Carbon Black, and Amazon Web Services Virtual Private Network.

Users can quickly set up these and many other log sources using The Anomali Platform’s setup interface. The platform provides a native data mapping from log sources to an easily updatable XDR schema to optimize threat detection.

Screenshot – How users map log source data to Cloud XDR schema to optimize correlation efficiency.

Enhanced dashboard

This release also introduces a key dashboard: a multi-dimensional view that uses advanced search to give an instant snapshot of your environment. The new dashboard includes:

Multidimensional view: Provides multiple visualizations showing the occurrence of IOC matches over time by source host, metric, iType, severity, confidence level, and more.

Match Analysis view: Provides analysis of the threat intelligence feeds, indicator types, indicators, and DGA domains that match events in your network, including matches over time, matches by iType, matches by metric, and matches by DGA.

Additionally, reports based on these dashboards can be scheduled and distributed to decision makers who do not have regular access to the platform, providing key insights and snapshots to executives and key stakeholders.

Screenshot: Example of an improved dashboard.

Extended TAXII 2.1 client support for shared indicators

TAXII™ (Trusted Automated Exchange of Intelligence Information) is an application protocol for exchanging intelligence over HTTPS. ThreatStream hosts TAXII server instances that can share observables with external applications, allowing out-of-the-box integration with products that consume security controls and other threat intelligence.

We have updated the ThreatStream TAXII client so that any application or product collecting intelligence through a TAXII 2.1 client receives it without issues.

New TAXII 2.x sites are easy to configure, allowing out-of-the-box integration with intelligence providers running TAXII 2.x servers. Customers can also choose between TAXII 1.1, 2.0 and 2.1 when configuring a new site for IoC collection.
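As an added illustration (not Anomali's or ThreatStream's code) of what a version-aware TAXII client must get right when a site is configured as 2.0 versus 2.1: the media type it negotiates and the 2.1 envelope pagination it follows. The transport, API root, collection id and indicators below are constructed for the example.

```python
from urllib.parse import parse_qs, urlparse

# Media types differ between TAXII 2.0 and 2.1; sending the wrong one is the
# most common reason a server answers 406 instead of returning indicators.
MEDIA_TYPES = {
    "2.0": "application/vnd.oasis.taxii+json; version=2.0",
    "2.1": "application/taxii+json;version=2.1",
}

def poll_collection(get, api_root, collection_id, version="2.1"):
    """Return every object in a collection. `get(url, headers)` is an injectable
    transport returning (status, parsed_json). TAXII 2.1 pages results in an
    envelope with `more`/`next`; TAXII 2.0 returns a single STIX bundle."""
    if version not in MEDIA_TYPES:
        raise ValueError(f"unsupported TAXII version {version!r}")
    headers = {"Accept": MEDIA_TYPES[version]}
    base = f"{api_root}collections/{collection_id}/objects/"
    url, objects, seen = base, [], set()
    while True:
        status, body = get(url, headers)
        if status != 200:
            raise RuntimeError(f"TAXII server returned {status} for {url}")
        objects.extend(body.get("objects", []))
        nxt = body.get("next")
        # Stop on a 2.0 bundle, on the last 2.1 page, or if the server loops.
        if version == "2.0" or not body.get("more") or not nxt or nxt in seen:
            return objects
        seen.add(nxt)
        url = f"{base}?next={nxt}"

# Constructed fake TAXII 2.1 server: two pages of STIX indicators (hypothetical ids,
# documentation-range values only).
API_ROOT = "https://taxii.example.test/api1/"
_PAGES = {
    None: {"more": True, "next": "page2", "objects": [
        {"type": "indicator", "id": "indicator--aaaa",
         "pattern": "[domain-name:value = 'bad.example.test']"}]},
    "page2": {"more": False, "objects": [
        {"type": "indicator", "id": "indicator--bbbb",
         "pattern": "[ipv4-addr:value = '192.0.2.10']"}]},
}

def fake_get(url, headers):
    """Serves _PAGES and, like a real 2.1 server, rejects a 2.0 Accept header."""
    if headers.get("Accept") != MEDIA_TYPES["2.1"]:
        return 406, {"title": "Not Acceptable"}
    token = parse_qs(urlparse(url).query).get("next", [None])[0]
    return 200, _PAGES[token]

if __name__ == "__main__":
    print([o["id"] for o in poll_collection(fake_get, API_ROOT, "col-1")])
```

Pointing a client configured for 2.0 at this server fails with 406 before any indicator is fetched, which is the symptom to check first when a newly configured TAXII site returns nothing.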

ThreatStream’s full granular dashboard management

Dashboards provide quick snapshots of relevant data, allowing users to see what’s going on in their environment.

ThreatStream customers now have granular control over their dashboard to further customize their experience and view related items. Users can:

  • Toggle default dashboard on and off
  • Create up to 10 custom display dashboards and choose from a library of dashboards maintained by ThreatStream
  • Drag and drop to edit the dashboard order and specify the user’s default dashboard

Dashboards can be drawn from user-created/user-visible libraries. Customers will still have access to custom and ATR-themed dashboards.

Screenshot: Highlights where users can easily add or remove custom dashboards from their dashboard view. Users can add up to 10 custom dashboards in addition to these standard dashboards.

Status Alerts for Threat Intelligence Feeds

It’s important to ensure that your team has the right intelligence at the right time. In this new release, we’ve integrated status notifications for Threat Intelligence Feeds so organizations can quickly identify issues with active intelligence feeds from the Anomali APP Store. This allows customers to quickly determine whether a problem originates with a specific intelligence provider and to engage a team for support if necessary.

When opening the details of an active feed within the APP Store, users can now see the status, time of the last event, and the interval between syncing intelligence for that feed.

We’ve also provided a series of color-coded lines for each feed or feed channel to represent status history over the last 30 days. Hover over each row to see the status of the request and the error rate for that day.

Screenshot: Status of some open source intelligence curated by Anomali – showing status history over the last 30 days.

Unified filtering language across ThreatStream and Integrator

Integrator plays a key role in delivering intelligence from ThreatStream to the security stack. Integrator 8.0 now supports Intel API v2 and shares a unified filter language with Advanced Search in ThreatStream, so you can use the same filters in ThreatStream and Integrator to search the same dataset.

Content worth reading

Anomali recently launched a new series of eBooks that gather feedback from CISOs and other security practitioners on specific industry topics. If you haven’t already, download our eBook, Seven Cybersecurity Experts on Extended Detection and Response (XDR), to learn how XDR can help your organization.

Until the next quarter. If you have any questions, please contact your Customer Success Manager. Have a good summer!
