Today we’re announcing a major update to our IOC management feature to help security teams identify high-priority indicators while investigating incidents on our platform. Our model now accounts for the threat activity context of each specific IOC. For example, was the IOC observed scanning IP addresses, or was it part of a command and control infrastructure? Now TruSTAR’s platform can help you find the answer.
Starting today, High-Priority IOCs will have greater emphasis in TruSTAR’s graph visualizations. You will see a red halo around these IOCs to help you easily identify the indicators that offer the most actionable input to your analysis workflow.
How do I take advantage of these enhancements?
The ability to triage and escalate investigations quickly while maintaining accuracy is critical to your SOC workflow. Being able to identify High-Priority IOCs in our graph visualization by sight will help guide you through a more focused investigation.
When you click on a High-Priority IOC, the details panel on the left will provide you with more contextual data about the IOC, as well as the enrichment details that are used to compute the High-Priority label.
The prioritization model will also be applied to our new IOC Management feature, visible in our Explore view. This will help you easily identify High-Priority IOCs from the list, and analysts interested in threat hunting can use these IOCs as a starting point.
How does the scoring model work?
IOC prioritization is determined based on our scoring model. The model makes use of several features including relationships within TruSTAR’s network of Private Enclaves, the timing of IOC relationships and how they are changing over time, as well as assessments from other intel sources on our Marketplace.
The metrics powering these scores are designed to provide you with the most accurate and timely insights available on the TruSTAR platform.
We will be further integrating IOC prioritization into your overall user experience by making it available on the Dashboard in the near future. To provide feedback, please email us at firstname.lastname@example.org or contact your customer success representative.