We've Made It Easier For You To Find High-Priority Indicators

Today we’re announcing a major update to our IOC management feature to help security teams identify high-priority indicators while investigating incidents on our platform. Our model now accounts for the threat activity context of the specific IOC. For example, was the IOC observed scanning IP addresses, or was it part of a command and control infrastructure? Now TruSTAR’s platform can help you find the answer.

Starting today, High-Priority IOCs will have greater emphasis in TruSTAR’s graph visualizations. You will see a red halo around these IOCs to help you easily identify the indicators that offer the most actionable input to your analysis workflow.

How do I take advantage of these enhancements?

The ability to triage and escalate investigations quickly while maintaining accuracy is critical to your SOC workflow. Being able to identify High-Priority IOCs in our graph visualization by sight will help guide you through a more focused investigation.

When you click on a High-Priority IOC, the details panel on the left will provide you with more contextual data about the IOC, as well as the enrichment details that are used to compute the High-Priority label.

The prioritization model will also be applied to our new IOC Management feature, visible in our Explore view. This will help you easily identify High-Priority IOCs from the list, and analysts interested in threat hunting can use these IOCs as a starting point.

How does the scoring model work?

IOC prioritization is determined by our scoring model. The model makes use of several features, including relationships within TruSTAR’s network of Private Enclaves, the timing of IOC relationships and how they are changing over time, as well as assessments from other intel sources on our Marketplace.

The metrics powering these scores are designed to provide you with the most accurate and timely insights available on the TruSTAR platform.  


What's next?

We will be further integrating IOC prioritization into your overall user experience by making it available on the Dashboard in the near future. To provide feedback, please email us at support@trustar.co or contact your customer success representative.
