
We've Made It Easier For You To Find High-Priority Indicators

Today we’re announcing a major update to our IOC management feature to help security teams identify high-priority indicators while investigating incidents on our platform. Our model now accounts for the threat activity context of the specific IOC. For example, was the IOC observed scanning IP addresses, or was it part of a command and control infrastructure? Now TruSTAR’s platform can help you find the answer.

Starting today, High-Priority IOCs will have greater emphasis in TruSTAR’s graph visualizations. You will see a red halo around these IOCs to help you easily identify the indicators that offer the most actionable input to your analysis workflow.


How do I take advantage of these enhancements?

The ability to triage and escalate investigations quickly while maintaining accuracy is critical to your SOC workflow. Being able to identify High-Priority IOCs in our graph visualization by sight will help guide you through a more focused investigation.

When you click on a High-Priority IOC, the details panel on the left will provide you with more contextual data about the IOC, as well as the enrichment details that are used to compute the High-Priority label.


The prioritization model will also be applied to our new IOC Management feature, visible in our Explore view. This will help you easily identify High-Priority IOCs from the list, and analysts interested in threat hunting can use these IOCs as a starting point.


How does the scoring model work?

IOC prioritization is determined by our scoring model. The model makes use of several features, including relationships within TruSTAR’s network of Private Enclaves, the timing of IOC relationships and how they are changing over time, as well as assessments from other intel sources on our Marketplace.

The metrics powering these scores are designed to provide you with the most accurate and timely insights available on the TruSTAR platform.  


What's next?

We will be further integrating IOC prioritization into your overall user experience by making it available on the Dashboard in the near future. To provide feedback, please email us at support@trustar.co or contact your customer success representative.
