Cyware Fusion and Threat Response

Cyware introduces Cyware Query Language (CQL) in CFTR to build structured queries and retrieve relevant data. Analysts can also save and reuse the CQL queries. For example, to retrieve the high-priority IP Spoofing incidents that are in the open state, you can use the following CQL query:

"Status" = “Open” AND "Severity" = “High” AND "Incident Type" = "IP Spoofing"

Administrators can now allocate the user access controls, such as Business Units, Locations, and User Groups, to multiple users at one go. For example, when a new business unit is added, administrators can allocate the business unit to multiple users.

Connect the Dots feature now displays suggestions for untriaged incidents using the CFTR Machine Learning algorithm. This helps security analysts to find related data and provide contextual information even before the incident triage is complete.

Security analysts can pin important notes in incidents and allow the stakeholders to easily find relevant information in one place.

Cyware introduces Role-Based Access Control (RBAC) for users to view the data displayed on dashboards and reports based on their user groups, allowed locations, and allowed business units.

CFTR v3.1.0 provides the following enhancements:

Administrators can configure incident fields to request analysts to enter notes for updating the field values. For example, to change the severity of incidents, analysts must enter the reason for the change. This helps incident managers and other security analysts to find the reason behind the change from the incident activity logs and notes.

The Overview and Preparation phases in incident export templates are now made non-mandatory. Administrators can choose any phase or field to create incident export templates.

In addition to the time spent on each incident response phase, the incident summary now displays the total time spent on an incident.

CFTR v3.1.0 provides the following functionalities for the analysts to manage dashboards: