Release Notes 2.9
Features
Knowledge Base Recommendations for Analyst
Previously, we enhanced the Knowledge Base by allowing analysts to search and link existing documented solutions to Incidents. Now users can manually add/link an existing Knowledge Base article to the Incident they are currently working on.
We have further enhanced the Knowledge Base to use Machine Learning (ML) to recommend the most relevant Knowledge Base articles for the Incidents under investigation. With this feature in place, analysts can instantly refer to the relevant past Incident protocols and policies.
Activity Logs for Knowledge Base
The Activity Logs feature is now included in Knowledge Base to help Analysts and Admin audit user activities or track changes. The Activity Log is upgraded to list the current and previous tasks/actions. Timestamps are also added to the log when a user creates or changes a Knowledge Base article.
Dashboard Revamp
The CFTR Dashboard has now been revamped to show streamlined, actionable data. It now displays data-at-a-glance by collecting data from the Incidents observed in CFTR. With this feature, security analysts will spend less time analyzing and responding to high-risk threats and can proactively stop them early in the attack kill chain.
Key Benefits of Dashboard Revamp
Improve real-time visibility and Index searches with Custom widgets, Export charts, Categorizing layouts, and Color sets
Simplify data drill down with a clear representation using charts
Monitor large amounts of data with a front-and-center Rotational dashboard that improves visibility for real-time updates
Accelerate Incident triaging with date range filters and custom sharing based on contextual insights
Obtain a detailed analysis of KPIs with Scheduled dashboard reports
Key features of the Dashboard Revamp
An Opt-in Dark Mode - Experience visual ergonomics by reducing eye strain and focusing on analyzing data based on the applied segment in charts.
Static/Rotating Dashboard - Optimize the use of Custom layouts by choosing between Static or Rotating Dashboard. Dashboards are custom-tailored to improve visibility and keep track of multiple important KPIs.
Hero Cards (Custom Dashboards) - Enhance layouts by adding widgets as cards to your custom Dashboard from the Add Overview widget section.
View All - This lets you have a detailed view of the widget you select. You can sort Incidents alphabetically or count-wise and filter them based on Location, Business Unit, Date, and Time.
Highcharts charting library - You can choose from a list of charts in our charting library to suit your organizational requirements. Some of the available chart types are Bubble, Area, Line, Pie, etc.
Playbook Integration with Actions
The integration of Playbooks from CSOL with Actions in CFTR helps the user view the Run Details of the chosen playbook, view sub-playbooks, view app details, or modify a playbook with custom input directly from CFTR. Users can also define their own Actions beyond the default Actions to implement the business process workflow logic as per their requirements.
The playbooks that you search or filter are obtained from the CSOL application. To integrate CSOL into your application, refer to Settings.
Activity Log Export
You can now export data to view and obtain a detailed audit log of all the activities happening in CFTR. CFTR now supports export in PDF format.
Bulk Import of User Data
CFTR now provides a bulk-import feature to add multiple users at a time. Apart from essential user data such as first name, last name, email address, and phone number, you can set user roles, define admin/agent privileges, and add users to an organization.
You can use bulk import by downloading the template and importing the same using the Import XLSX option. CFTR supports Bulk import only via an XLSX file.
Note: You must be an administrator to bulk import users.
Enhancements
Playbook Recommendation from CSOL
Until recently, playbook suggestions from CSOL were displayed on CFTR based on Incident Type. We have now enhanced the suggestions by providing ML recommendations to analysts based on Incident attributes.
We now use Incident attributes such as Description, Title, IOCs, Incident Type, Severity, Vulnerabilities, etc. to recommend a playbook. Analysts can automatically view relevant playbooks based on similar Incidents and Incident attributes.
Roster Management Notifications
CFTR users will now get notified of Shift Roster updates or changes. Notification emails to the users are triggered in the following instances:
When a user creates/publishes the Shift Roster
When a Shift Roster including the user is published/updated/deleted/removed/added
SLA Notifications for Actions
CFTR now allows analysts to add SLAs for Actions. Action SLAs allow security teams to attend to every action on time and help you personalize the creation and management of escalations accordingly. With the guided setup, you can quickly build the prioritized workflow your team needs to hit its response and resolution time goals.
With Action SLAs in place, you can:
Set up action assignment and action resolution goals by adding priority, action type, and assigned group
Create multiple unique SLAs for different user groups
Set up SLA timelines
Other SLA Enhancements
CFTR now displays SLA status on the listing section of Incidents. You can view the Open and Closed SLAs of Incidents for the
SLAs Met in Green
SLAs in Risk in Amber
SLAs Breached in Red
CFTR sends notifications about the status of an SLA in real time at specific events to ensure the best response times. By default, the user must set up the following Thresholds:
SLA Warning Threshold: Alerts the user when the SLA is about to breach.
SLA: Alerts the user at the actual SLA breach time.
Breached SLA Threshold 1: Alerts the user when the first SLA Threshold is breached.
Breached SLA Threshold 2: Alerts the user when the second SLA Threshold is breached.
CFTR Account Closure Mail Alerts
CFTR users will now receive an alert email 24 hours prior to account deactivation. To prevent the account from being deactivated and continue accessing the platform, they can contact the Admin.
Email and Notification Synchronization
We have synchronized the sending of emails and notification alerts to CFTR users. Syncing emails and notifications reduces the hassle of staying up to date with current changes, even when your users are away from their desks.
Activity Logs: Restructured Template
Our Activity Logs are restructured to provide more visibility into the tasks and action items that are changed, created, or updated. You can now view the previous change that was superseded, with the new change details, time, and date, along with the name of the user who implemented the change.
Email Customization
CFTR users can now customize the emails they want to see by checking or unchecking their names under Email customization. The following emails can be customized:
Incident Reminder
Incident Escalated To Level 1
Incident Escalated To Level 2
Incident Escalated To Level 3
Action Reminder