
Improve Efficiency of Intelligence Analysis Using IOC Management Feature

Cyber observables and IOCs are the building blocks of intelligence analysis. They're critical to making accurate decisions throughout the investigative workflow, but effectively managing this vast amount of IOC data is challenging.

Today we are excited to release our new IOC Management feature that will streamline IOC management throughout the entire indicator lifecycle. This new feature will help you upload large numbers of IOCs, classify IOCs into groups, augment them with additional context, and automatically surface them in internal investigations and threat hunts. 


How is this different from existing capabilities on TruSTAR?

Until now, IOCs on the TruSTAR platform were always embedded in reports. They didn’t exist as independent entities. Reports provide an elegant way of grouping related threat intelligence so that it can be viewed as comprehensive analysis, but they limit an analyst’s ability to investigate a specific IOC, or a group of IOCs, and contextualize them. This change is the first step in a larger initiative that will allow users to more easily analyze cyber and fraud investigations, track TTPs, campaigns, and actors, and visualize the relationships between them.

Great! Tell me more…

As an end user of the TruSTAR platform you can now take the following actions:

  • Mass Enrichment - Upload large lists of IOCs and their associated context into one or more enclaves and let TruSTAR automatically augment them with additional enrichment.
  • Group Tagging - Use tags to easily manage IOCs as individual entities or as large groups of IOCs that share some common characteristic, such as “ddos”, “brand protection”, or “APT28”.
  • Visualize Context - Track the enrichment of individual IOCs over time in our graph visualizations and quickly identify correlations with other intelligence sources.


These actions will let analysts quickly complete tasks including:

  • Batch Processing - Send a large number of IOCs to TruSTAR using the API or Station, in a structured or unstructured data format, and have the platform provide enrichment for each IOC.
  • Mass Exporting - Export enriched IOCs, such as IP addresses, that have a specific tag associated with them, e.g. “ddos”.
  • Continuous Tracking - Keep a running list of IOCs and continuously update them with new context using the API or Station.


Enrichment from our Machine Learning capabilities

All IOCs processed by TruSTAR are rated using our machine learning models (you can read more about our model here). All IOCs rated as HIGH PRIORITY are labeled accordingly, and you will see them prominently displayed in the Explore view and in the graph visualization.

I have a list of IOCs. How can I get started?

We have a number of options to get you started quickly based on how you have been storing IOCs. Check out our support site article and release notes to get started in less than five minutes.

We value your feedback and would like to learn about how to improve this feature. Don’t hesitate to get in touch with us at support@trustar.co to get started.
