Release Notes 3.2
Features
Community Sharing Rules
CSAP now allows you to automate the sharing and receiving of alerts that are repeatable and criteria-based. Rules allow you to configure a set of instructions that can perform automated alert sharing and receiving tasks when the defined condition occurs. With the current implementation, analysts can use Rules to share and receive alerts. This will help organizations and communities streamline manual tasks and will also enable simplifying complex workflows for alert sharing and receiving.
Rules can be created using three simple components.
Trigger: Choose Alert Sharing or Alert Receiving as a trigger for the rule.
Conditions: Define conditions to govern when actions should run. You can also build queries using logical operators and view them in the custom query builder.
Actions: Define the actions to run when the conditions are met.
Custom Email Templates
CSAP comes with new in-built customizable email templates for admins to send email notifications with the desired look and include the right information required by the members. Admins can customize the emails sent from CSAP using the new in-built WYSIWYG template builder which makes it easy to add the necessary images and content to meet specific requirements.
We have also provided a default set of predefined templates for each email type. The templates are categorized as Actions, Login, User Registration, Request for Information, and Surveys. We will be adding more email templates for your customization. You can reuse the information in the email template to preview an email before saving it.
Partner Feed Advisory Marketplace
With a goal to provide CSAP users with timely and accurate threat intelligence information, Cyware has introduced a Partner Feed Advisory Marketplace with prominent threat feed providers namely Flashpoint, Risk IQ, Sectrio, and Polyswarm. Threat intelligence feeds provided by the listed feed providers will be directly ingested into the CSAP application and shared with members. CSAP offers partner feeds as a bundle. Admins can choose to enable feeds from the available list of sources.
Enhancements
Threat Assessment Enhancements
The threat assessment feature is now more powerful and helps analysts to handle more use cases of evaluating threat intel, verifying perceived threat intel, and assessing their impact or severity. Additionally, analysts can include service-level agreements (SLAs) for threat assessments. This allows analysts to send automatic reminders at the specified time interval to members for responding to threat assessments.
Threat assessment SLAs: Analysts can create SLAs from Settings and apply them to the required threat assessments while creating alerts.
Threat assessment templates: Analysts can create templates for threat assessment and quickly apply them while creating alerts.
Create new threat assessment: Analysts can also create new threat assessments while creating alerts. Analysts can attach two types of threat assessments to alerts.
Threat assessment that requires text response
Threat assessment that requires members to choose a response