Release Notes 3.3
New Features
ISAC to ISAC Sharing
With the new ISAC-to-ISAC sharing feature, analysts can now utilize community sharing to its full potential by securely sharing threat intelligence with other ISACs. You can send a connection request to any community with a simple click of a button. This allows an easy exchange of strategic threat intel with your network ISAC communities to enable bi-directional sharing of threat intel.
The following image shows the list of ISACs you can connect:
The visual representation of connections provides analysts a detailed view of the threat sharing across ISACs.
CSAP offers the following features to manage ISAC-to-ISAC sharing:
ISAC Network: Displays all the ISACs and allows an analyst to send a request to connect for bi-directional threat intel sharing.
Request Management: Displays all the connection requests received from other ISACs along with pending, approved and declined requests.
Network Visualizer: Displays how you as an ISAC, communicate with other ISACs.
Communities: Displays all the organizations with which your ISAC is connected.
Credential Management: Allows you to generate and share credentials with other organizations to connect with, as well as revoke your connection with an organization.
Member Contribution Level (MCL)
The new MCL feature helps analysts to quickly understand the frequency, accuracy, and reliability of the threat intel shared by the members with an associated confidence statement. Analysts can configure weightage against parameters such as Contribution Average, Information Accuracy, Source Reliability, and Reporting Frequency. With the help of the confidence statement, analysts can make accurate and timely decisions to publish alerts from intel shared by members.
An example confidence statement can be: “The source of this threat intel is fairly reliable, the information is fairly accurate and shared by a less reporting organization.”
After an analyst has published the intel as an alert, other members can rate the alert to allow the information accuracy evaluation.
The confidence statement is configured based on the weight of the following parameters:
Contribution Average: The average number of intel received per organization or entity.
Information Accuracy: An assessment of the accuracy of the submitted information based on analyst evaluation and ranking of five values. This is configured against every organization or entity.
Source Reliability: An assessment of an organization's reliability, based on the analyst evaluation and ranking. This factor has five values and is configured against each organization or entity.
Reporting Frequency: The frequency with which the submitter's entity provides information to the organization’s analysts.
Member Dashboard
CSAP now offers the capability of sharing the custom dashboard with members. With the help of widgets and graphs, you can create member dashboards in the Analyst portal and share them with members. Members can view the shared dashboards from the Member portal.
Trend Analytics
With Trend Analytics in the Dashboard module, you can now view the top 10 trending IOCs and categories for a given time period. You can also see the total number of IOC counts against each of the IOCs. This helps analysts with effective analysis of the IOCs and categories to provide actionable threat intelligence to share within the community. You can use different graph forms to display the trends.