Release Notes 3.5
We are excited to introduce the new and enhanced release of Cyware Situational Awareness Platform (CSAP), v3.5. This release brings new features, a few enhancements, and minor bug fixes to the CSAP Analyst Portal.
New Features
Threat Defender Library
CSAP’s Threat Defender Library is a new content repository that contains information and files used in threat detection, threat hunting, and threat defense. It functions as a single location where your SOC, incident response (IR), threat hunting (TH), and threat intelligence (TI) teams collaborate and share detection content across your organization. Threat Defender Library content adds value to existing threat hunting and detection workflows by enabling quick responses to organization-specific threats.
Using the Threat Defender Library, analysts can create, upload, maintain, collaborate, and share information of different types such as:
Threat detection files including YARA rules, log sources, Suricata and Snort rules, and more
Rule files belonging to Splunk, QRadar, Devo, or other SIEMs
Analytics files such as CAR
Response files such as Playbooks
MITRE ATT&CK data including tactics, techniques, and sub-techniques
Analysts can choose to:
Save the threat defender content and maintain their organization repository.
Share the threat defender content with members by specifying recipient groups.
Attach and include threat defender content in alerts sent out from CSAP.
Use the out-of-the-box Cyware repository of threat defender templates and content. This repository is collated and sourced from a few open source providers and also includes Cyware content.
Visualize metrics on the content created, Cyware content, pending reviews, approved content, and content shared with members.
The threat defender library enables an organization’s security operations teams to:
Reuse the content to quickly respond to organization-specific threats.
Reduce the time analysts spend researching threats, and provide ways to defend against them.
Reuse on-the-ground, proven defender content generated in other parts of the world or industry for similar threats.
Use analysis and files in the library, such as a SIEM rule file, to quickly send information to a SIEM or XDR for prompt action on threats.
Increase threat hunting capabilities and significantly reduce the time taken to detect and respond to a potential security incident.
Enhancements
Upgraded User Interface for Alerts
This release comes with a new and improved user interface for alerts, aimed at improving overall usability. The interface now captures the complete details of the alert creation process, and the revamped experience helps analysts easily create, share, or include details in alerts.
Review and Publish Surveys
Members can now create surveys from the Member Portal and submit them to analysts for review. Analysts can review the surveys submitted by members, make any modifications, and publish the surveys to selected recipient groups.
Email Alert Notification Template
Analysts can use the new predefined alert notification email template to customize and send the alert email notifications. They can customize it with the required placeholders such as TLP, published date, alert category, alert ID, tenant logo, tenant name, and more.
Collaboration Member List
Analysts can decide whether the collaborators' member list should:
Include members only from their organization, or
Include members from other organizations as well.
Assign Public Groups to Members
Analysts can now assign any public groups to current or new members.
Allow or Block Browser Extension Submissions
Analysts can decide whether to allow or block intel submissions made by members through the Cyware Threat Intel Crawler, using a new configuration setting in the analyst portal. If this setting is turned off, members will not be able to use the Cyware Threat Intel Crawler extension.
Test Connectivity between CSAP and CTIX
After setting up the CSAP integration with CTIX, analysts can test whether the connection to the application was successfully established. This lets analysts quickly verify connectivity with CTIX at any time.
Search for Members by their City
Analysts can search and track members added to the CSAP analyst portal by their specific city. This new filter can help analysts perform advanced searches and fine-tune their search results.
Search for Alerts Using Specific Text in the Title
Analysts can search for alerts whose titles contain specific text. This new filter can help analysts perform advanced searches and fine-tune their search results for alerts.
Edit Members' Email Addresses
Administrators can now edit member email addresses specified on the Analyst Portal. When there is a change in a member's email address, analysts can simply update the email address instead of disabling and creating a new account.
Bug Fixes
Analysts can upload and replace doc library files with the same name, TLP, and recipient groups.
Alert Category and TLP values are included in the exported alerts CSV file.
If you star a folder in the doc library, the folder and the files inside it are now correctly displayed in the Starred section.
User statistics for published alerts are correctly displayed in Published Alerts Stats.
Analysts can now correctly search for alerts based on the tags assigned to them.
System user email addresses that are auto-created in CSAP to perform automated, predefined, and repetitive actions will no longer receive system email notifications.