Security Workbench
Notice
This feature is available in Collaborate v3.8 onwards and only for Cyware cloud-based deployments.
Collaborate's Security Workbench offers a range of cybersecurity tools and resources to enhance your security operations.
Tools
The following tools are supported as part of the Security Workbench:
The Fang Defang tool in Collaborate is used to neutralize or defang IOCs. It changes the format of the IOCs, which facilitates secure sharing and analysis. Similarly, you can also fang data that is defanged.
Use the following information while using the Fang Defang tool in Collaborate:
To manually fang or defang indicators, enter indicator data and click Fang or Defang respectively.
To upload a file of indicators to be fanged or defanged, click Upload. The supported file formats are .json, .xls,.txt, .xml, and .csv and the maximum file size is 10 MB.
To download a CSV report of fanged and defanged data, click the ellipsis and select Download.
A CVSS calculator assesses and quantifies the severity of security vulnerabilities using the Common Vulnerability Scoring System. It assigns a numerical score based on factors such as impact and exploitability, which helps you prioritize and address security issues. You can use the CVSS calculator in Collaborate to analyze the severity of vulnerabilities for timely mitigation.
Use the following information while using the CVSS Calculator:
Switch between CVSS 3 and CVSS 2 formats based on your preference.
Select the values for all metrics of your choice. Ensure you select values for all the mandatory metrics for the Base Score. After selecting values for the metrics, click Show Scores. The scores are now available for your reference.
To generate a new set of scores, click Reset Scores.
The Structured Threat Information eXpression (STIX) Converter is a tool that converts different versions of STIX data. STIX is a standard language for expressing and sharing cybersecurity threat information, and the converter facilitates compatibility between different versions of this standard. Collaborate supports the conversion of versions 1.x, 2.0, and 2.1.
Use the following information while using the STIX Converter:
To manually convert data into the supported formats, enter the STIX data, select the format, and click Convert.
To upload a STIX file for conversion, click the ellipsis, and select Upload. The supported file format for STIX 1.x is .xml. For STIX 2.0 and 2.1, the supported file format is .json. The maximum file size supported is 10 MB.
To download a CSV report of the converted data, select Download.
The Encode-Decode: Base64 tool performs Base64 encoding and decoding. Encoding converts binary data into a text-based format while decoding reverses this process. This contributes to secure data handling, analysis of encoded information, and addressing challenges associated with transmitting binary data in text-based systems.
Use the following information while using the Encode-Decode: Base64:
To encode or decode binary data, enter the binary data and click Encode or Decode.
To download a CSV report of the encoded or decoded data, click the vertical ellipsis, and select Download.
The SPDX Converter in Collaborate supports converting SPDX to STIX and Common Security Advisory Framework (CSAF).
Converting SBOM to STIX helps you have improved visibility into the security posture of software components, streamlined integration with threat intelligence platforms, and enhanced collaboration. In Collaborate, the SPDX data is converted to STIX 2.1 format.
Converting SPDX to CSAF VEX is beneficial for streamlining the communication of security-related information, and ensuring compatibility with widely adopted standards and tools in the cybersecurity domain.
Use the following information while using the SPDX Converter:
To convert data SPDX data into STIX or CSAF VEX formats, enter the data and click Convert.
To download a CSV data report, click the vertical ellipsis and, select Download.
Resources
You can access resources such as the Threat Response Docker, CyTAXII, Cyware's Contribution to MITRE CAR, Cyware Threat Feeds, and Cyware Social as part of Community Offerings in Collaborate.
Threat Response Docker: Cyware Threat Response Docker enables you to collect, extract, and analyze threat intelligence, while also offering OSINT capabilities.
CyTAXII: Interact with TAXII servers using CyTAXII, an open-source Python library. It allows you to consume threat intelligence from various sources in STIX format and contribute intel to a TAXII server collection.
Cyware's Contribution to MITRE CAR: Improve detection mechanisms using Cyware's Cyber Analytics Repository (CAR) project. It is a repository that offers a list of security hypotheses and simulated attacks.
Cyware Threat Feeds: Get real-time insight into global threat data through Cyware's Threat Intelligence Feeds.
Cyware Social: Stay informed about the security landscape with Cyware Social. Access the latest security articles authored by analysts and receive top security updates from third-party sources.
Click Learn More to explore these resources in detail, based on your preference.