Explore Threat Intelligence Security Center

  • Release version: Yokohama
  • Updated January 30, 2025

    Threat Intelligence Security Center (TISC) enables you to collaborate with threat intelligence teams. It provides capabilities to collect and process threat intelligence feeds from many sources, and a workspace in which to analyze, collaborate on, act on, and share the resulting information.


    Threat Intelligence Security Center covers the full intelligence lifecycle: data collection, data processing (deduplication, normalization, and aggregation), analysis of threat intelligence, dissemination of threat intelligence, and a workspace for administration tasks.

    Key features

    The following Threat Intelligence Security Center (TISC) key features are explained in detail in later sections:
    • Curated Catalog of OSINT Threat Feeds: Provides access to a broad selection of popular open-source threat intelligence feeds, ensuring wide coverage.
    • Premium Feed Integration: Enhances the quality of threat intelligence by integrating premium feeds.
    • Automated Observable Extraction: Automatically identifies and extracts the commonly used observable types from uploaded files, streamlining the threat data ingestion process.
    • Diverse Data Aggregation: Supports multiple data formats including STIX, MISP, JSON, and others, enabling seamless feed consolidation.
    • Enrichment Capabilities & Validation: Provides enrichment and validation capabilities by removing false positives, assigning confidence scores, validating indicators, and adding contextual information to improve data quality.
      The TISC integration capabilities:
      • Enrichment integrations include Threat Lookup, Sighting Search, and Observable Enrichment.
        • Enriches observables with threat intelligence, and performs sighting searches and threat lookups to determine whether an observable is malicious.
        • Supports CrowdStrike Falcon EDR with continuous monitoring and real-time alerting.
      • Security tool integrations for orchestration with SIEMs, EDRs, and firewalls.
    • Correlation Rules Engine: Automatically establishes relationships between intelligence records, enabling deeper insight into threat patterns.
    • Customizable Threat Scoring: Enables fine-tuning of threat scores for more nuanced and accurate threat assessment.
    • Internal Intelligence integration: Enables integration of internal intelligence sources, including Vulnerability Response (VR), Security Incident Response (SIR), and Configuration Management Database (CMDB).
    • User-Specific Dashboards: Tailors visualizations and data views according to Threat Intelligence personas, improving user experience and relevance.
    • Graphical Visualization Tools: Facilitates understanding of complex threat intelligence data through intuitive graphical visualizations such as relationship graphs and interactive investigation canvases to simplify threat intelligence analysis.
    • Dedicated Analyst Workspace: Provides a dedicated, streamlined Threat Intelligence Analyst workspace that enables threat intelligence analysts to focus on investigation and analysis with minimal distractions.
    • Threat Case Management: Supports investigative workflows with task tracking and case handling.
    • MITRE ATT&CK Integration: Enables users to link case records with MITRE ATT&CK framework data for enhanced kill chain analysis.
    • Seamless SIR Integration: Ensures smooth data migration and interoperability between Security Incident Response and Threat Intelligence Security Center applications.
    • Notification & Alert Rules: Establishes trigger alerts to notify teams based on evolving threat intelligence.
    • Data Retention & Cleanup Policies: Enables organizations to define data management rules to maintain application performance and compliance.
    • Reporting & Collaboration: Generates comprehensive status reports and investigation summaries using rich-text editors and customizable templates.
    • Domain Separation for MSSPs: Supports multitenant environments, enabling Managed Security Service Providers (MSSPs) to segregate customer data securely.
    • Extensive API integration: Offers the TISC API for seamless connectivity with other security tools and platforms.

    Threat Intelligence Security Center users

    • Administrator: Administers and configures the initial setup and ongoing maintenance of the Threat Intelligence Security Center, including configuring data sources and managing intelligence settings.
    • Analyst: Threat Intelligence Analysts are responsible for conducting analysis and research tasks requested by the team. They can import ad hoc intelligence to support their work and use the system’s tools for analysis, collaboration, and managing the intelligence library.