Having confidence in your intelligence sources is essential to running successful security operations. But measuring how effectively your intelligence sources perform against your data can be difficult.
At TruSTAR we firmly believe that the value of threat intelligence can and should be measured, which is why we’re rolling out a new Source Scoring feature.
We’re adding a new Dashboard that will leverage our Enclave architecture to quantify the value of intelligence sources relative to your organization’s data. The goal of Source Scoring is to let you quickly evaluate specific intelligence sources in your workflow and make more nuanced, actionable decisions on how to use the data from those sources.
Where can I find this feature?
You need to have a private Enclave to take advantage of this feature. Your Station Dashboard will now have a dedicated panel to help you quickly visualize how each intelligence source has scored against your private Enclave data. If you have access to more than one private Enclave, you can select the specific Enclave for which you want to see source scoring.
Who has access to this feature?
Source Scoring is only available to TruSTAR users with private Enclaves. If you’re a free user associated with an ISAC/ISAO and are interested in a trial with a private Enclave, click here.
How does this feature work?
The overall score is computed based on enrichment data from IPs, URLs, and Hashes. You can easily visualize the overall score and its breakdown for the different IOC types. The score takes into account whitelisted terms to prevent false positives from affecting the overall score. Each source score is personalized to the reports and IOCs in your specific Enclave. That’s why each of your Enclaves can have different source scores.
How are the scores calculated?
At a high level, the Source Score is calculated from three different indicator types - IPs, URLs, and Hashes. Each indicator’s score is weighted using the following evaluative criteria:
- Uniqueness Score - The Uniqueness Score calculates the probability that the intelligence source will provide unique correlations to your Enclave data.
- Timeliness Score - The Timeliness Score calculates the probability that the intelligence source will provide timely correlations to your Enclave data.
You can read the full technical documentation for this feature here.
What actions can I take based on this data?
You will be able to unsubscribe from sources based on their score and the value they provide to your analysis workflow. We will also show you open source intelligence sources that you are not currently using but that would be valuable to your Enclave.
We’re starting with IPs, URLs and Hashes, and we will add more IOC types in future releases. We always welcome feedback at firstname.lastname@example.org. Reach out to your customer success rep to get a personal demo for your team on this new feature.
Ready to get started? Request an Enclave to learn how your sources are performing for you.