Welcome to the April edition of the Anomali Product Update, where we provide you with the latest and greatest news for Anomali solutions.
Integrator Update
- Integrator 7.0.0
- Integrator 6.9.6
- VMWare Carbon Black Cloud Enterprise EDR - Integrator Extension
ThreatStream Updates
- ThreatStream Cloud
- Diamond Model Attributions in Investigations
- New Permission Controls for Onboarding Emails
- Email Distribution Groups for Keyword Alerts
- Associate Vulnerabilities in an Import Session
- Reporting Enhancements: Templates and Export
- Parameterized URL Support
- Sources Improvements
- VMRay Commercial
- FireEye Feeds Self-Service
- New Feed Engines
Anomali Lens
- Anomali Lens in ThreatStream
Integrator Update
Integrator 7.0.0
Integrator 7 has just been released. This major release marks a new milestone for Integrator, with a completely new user interface, improved usability, and updates to the supported integrations.
Integrator 7 also comes with updated OS support, with Windows 2016 and Windows 2019 now supported.
The release and documentation are available on the ThreatStream downloads page under latest feature release in ThreatStream Integrator.
Integrator 6.9.6
With the release of Integrator 7, we have designated Integrator 6.9.6 as our recommended stable release. This will be supported until the end of December 2020 and maintains support for operating systems deprecated by the Integrator 7 release.
A note on upgrading to 6.9.6 when using Snapshot: By default, the ThreatStream Splunk App uses port 8089 to download the Snapshot. Please ensure that your firewall allows connections from the Splunk server where the Splunk App is installed to this port on Integrator.
If port 8089 is already in use, you can change the default port by following the procedure detailed under "Reconfiguring the Snapshot Port" in the ThreatStream Integrator Install Admin Guide.
VMWare Carbon Black Cloud Enterprise EDR - Integrator Extension
A new Integrator extension has been released, which allows you to push your threat intelligence into the VMWare Carbon Black Cloud Enterprise EDR platform, using either a full or delta sync option.
For more information, please download the extension and user guide from the ThreatStream downloads page.
ThreatStream Updates
ThreatStream Cloud
Diamond Model Attributions in Investigations
With this enhancement, users can assign any investigation entity to any feature on the diamond model in investigations.
New Permission Controls for Onboarding Emails
With this enhancement, new ThreatStream users will be able to see the permissions they have access to on ThreatStream when they receive their onboarding email.
Email Distribution Groups for Keyword Alerts
With this enhancement, users can specify the recipients of the keyword alerts by choosing a specific workgroup.
Associate Vulnerabilities in an Import Session
Users can now associate vulnerabilities (as a threat model type) to entities brought in during import.
Reporting Enhancements: Templates and Export
ThreatStream has added customizable reporting structures with organization-wide templating, corporate branding and content selection. All users may access templates through the model export dialogue. Ownership determines who can edit / update, or whether users need to “Create New.”
Parameterized URL Support
Enabled ingesting of URL parameters and sending the information downstream where supported.
Sources Improvements
Author and source of threat models are now included in the threat models search results table.
VMRay Commercial
New sandbox integration with similar functionality to the Joe Security implementation.
FireEye Feeds Self-Service
Users that leverage the FireEye feeds can now configure their feed in the FireEye tile.
New Feed Engines
- Sixgill Darkfeed™ IOC
- FireEye
- Cyber New Jersey
Anomali Lens
Anomali Lens in ThreatStream
ThreatStream now provides a built-in version of the Anomali Lens browser plugin, the cybersecurity industry’s first natural language processing (NLP) based web content parser. This functionality enables organizations to benefit from Anomali Lens within ThreatStream, without needing to install the plugin.
Thank you for being an Anomali customer.
Please contact support@anomali.com for more information.