August 2022 Quarterly Product Release

Joe Ariganello
September 14, 2022
<p>The Anomali team continues to work with our customers to add the capabilities they need. With our August release, we’ve introduced new capabilities that continue our focus on enabling enterprise organizations to stay a step ahead of adversaries.</p>
<p>Key highlights for this quarter include:</p>
<ul>
<li>Creating extended visibility with Anomali and MITRE Engenuity</li>
<li>Routine task automation accelerating analyst mean time to respond</li>
<li>Scheduled Retrospective Search</li>
<li>Automated Response for The Anomali Platform</li>
<li>Lens+ support for MITRE ATT&amp;CK Enterprise v10 and v11</li>
<li>Simplified installation of Integrator 8.1</li>
</ul>
<h2>Anomali Attack Pattern Detection and MITRE ATT&amp;CK®</h2>
<p>In 2021, Anomali joined MITRE Engenuity’s Center for Threat-Informed Defense to collaborate on the Attack Flow Project to better understand adversary behavior and improve defensive capabilities. This partnership culminated with the public release of the project in March 2022.</p>
<p>The Attack Flow project will provide context around adversary behavior and help security teams expertly profile the adversary. It will also enable them to better protect the organization before an attack, detect it in real time, and respond after it.</p>
<p>I’m excited about this project and the things to come. Listen below to an excerpt from our recent webinar explaining the project.</p>
<p>(Embedded video: webinar excerpt on the Attack Flow project.)</p>
<h2>Routine Workflow Automation</h2>
<p>Customers are always looking for solutions that make their lives easier. This release introduces the first phase of our Routine Task Automation Framework within ThreatStream Cloud, which adds support for automating routine analyst tasks.</p>
<p>This first phase allows users to define an enrichment routine that can be triggered against a given indicator in an investigation. Users can create multiple automated routines to build up a library of regular workflows, turning an involved sequence of enrichment pivots or transforms into a one-click action.</p>
<p>Users can also share the routines they have created across teams to foster collaboration and increase efficiency.</p>
<p>Automating routine tasks in ThreatStream will help reduce noise by filtering out unwanted enrichment data, allowing analysts to focus and prioritize their analysis efforts.</p>
<p><img alt="Configuring a Routine Task Automation" src="https://cdn.filestackcontent.com/RzNBLO1Stuh1nQdMXWCj"/></p>
<p>Screenshot: Configuring a Routine Task Automation, running multiple (up to 20) enrichments with one button click</p>
<h2>Scheduled Retrospective Search</h2>
<p>One of the critical features of our cloud XDR solution is the ability to search an environment retrospectively for matches. Customers can schedule retrospective searches to automatically correlate historical data against new intelligence findings.</p>
<p>This automated process will enable security teams to detect real-time threats in their environment and provides insights into new threat actors, bulletins, and other threat models.</p>
<p><img alt="Configured Retrospective Searches" src="https://cdn.filestackcontent.com/gRxD72sSWCREblWgxY1O"/></p>
<p>Screenshot: A list of already configured Retrospective Searches, scheduled to run at specific cadences</p>
<h2>Automated Response for The Anomali Platform</h2>
<p>Alerts within The Anomali Platform identify malicious IOCs within a customer’s environment and trigger a series of actions that enable an effective response. The key is distributing IOCs to clients’ security tools within appropriate timeframes for mitigation and remediation.</p>
<p>With this release, we’ve enabled workflows that allow matched indicators to automatically tag IOC content distributed to downstream security controls.</p>
<p>In this first phase, we’ve enabled a pre-defined set of response-focused tags as an XDR Alert that can be correlated and pushed to the relevant configured destinations.</p>
<p>Look for more info in upcoming releases.</p>
<h2>Lens+ support for MITRE ATT&amp;CK Framework v10 and v11</h2>
<p>Lens is one of the best offerings we have at Anomali. It is a powerful natural language processing engine that quickly operationalizes threat intelligence by automatically scanning digital content. Lens can be deployed as a browser extension or as a Microsoft Office application (Word, Excel, Outlook).</p>
<p>With this release, we’ve added support for MITRE ATT&amp;CK Enterprise v10 and v11 and recognition of the latest MITRE variants. Users will now be able to view both MITRE TTP and Attack Pattern information, along with any risk scores, context, and event matches that might have been sighted in their environment.</p>
<p>This update is currently available to Anomali Lens+ subscribers only.</p>
<p><img alt="Lens highlighting TTPs" src="https://cdn.filestackcontent.com/EeAfU9EfQXCJjVZWlaHR"/></p>
<p>Screenshot: Lens highlighting TTPs</p>
<h2>Simplified installation of Integrator 8.1</h2>
<p>Integrator is pivotal in operationalizing your intelligence across your security stack. With this release, we’ve simplified the installation process to significantly improve the customer experience when configuring new or existing extensions.</p>
<p>This simplified installation process means that extensions only need to be configured once and can then be re-used as necessary. All configuration options will be presented individually, with no need to manually edit JSON configuration text.</p>
<p>In addition, we’ve added:</p>
<ul>
<li>Saved Search filtering: allows the use of ThreatStream saved searches in both Source and Destination filters. Instead of asking users to write new filters for Integrator, these can be looked up in ThreatStream via the Integrator UI (requires Version 2 of the Intel API).
<ul>
<li>Saved search filters are copied into the destination filter and are not dynamically updated.</li>
</ul>
</li>
<li>Digital Signatures: all Integrator download files (for both the application and extensions) are now digitally signed with a trusted certificate.
<ul>
<li>This prevents Windows from triggering AV alerts and allows secure delivery of the new extension process. (Digital signing will be added to Integrator 8.1 later, in September/October.)</li>
</ul>
</li>
<li>Priority tagging: intelligence found via Match alerts and appropriately tagged will be prioritized in Integrator and not adversely affected by destination limits.</li>
</ul>
<p>These updates will eliminate much of the previously required manual effort and will be fully operational once all extensions have been repackaged by October.</p>
<p>For a complete list of updates, check out the monthly release webinars available on Anomali University or reach out to your customer success manager.</p>
<p>Until next time.</p>
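The Scheduled Retrospective Search and Automated Response sections above describe the idea at a high level: periodically re-evaluate already-collected events against intelligence that arrived after those events were logged, and carry response tags from the matching indicator into the resulting alert. The following Python is an added illustration of that mechanism written for this page; it is not Anomali code and does not use the Anomali API. The event schema (JSON lines with ts, host, dst_ip, domain, sha256), the indicator feed, the 30-day lookback and every value in the sample data are constructed assumptions. The point it makes that the prose does not is that a scheduled run only needs the indicators added since the last run, but must search the full retention window with them, and that observables have to be normalized (case, trailing dot, IP validity) before comparison or the match silently fails.

```python
"""Retrospective IOC search over a historical event store (constructed example)."""
import ipaddress
import json
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone


def T(s):
    """Parse a constructed ISO-8601 timestamp as UTC."""
    return datetime.fromisoformat(s).replace(tzinfo=timezone.utc)


@dataclass(frozen=True)
class Indicator:
    value: str       # normalized observable
    itype: str       # "ip", "domain" or "sha256"
    added: datetime  # when the indicator entered the feed
    tags: tuple      # response-focused tags to carry into the alert


def normalize(itype, raw):
    """Canonicalize an observable so feed and log spellings compare equal.
    Returns None when the value is not a valid instance of its type."""
    raw = raw.strip()
    if itype == "ip":
        try:
            return str(ipaddress.ip_address(raw))
        except ValueError:
            return None
    if itype == "domain":
        return raw.lower().rstrip(".") or None
    if itype == "sha256":
        raw = raw.lower()
        is_hex = all(c in "0123456789abcdef" for c in raw)
        return raw if len(raw) == 64 and is_hex else None
    return None


# Constructed indicator feed; addresses and names come from reserved test ranges.
FEED = [
    Indicator("198.51.100.23", "ip", T("2022-08-25T10:00:00"), ("block",)),
    Indicator("updates-cdn.example", "domain", T("2022-09-02T08:30:00"), ("block", "investigate")),
    Indicator("a" * 64, "sha256", T("2022-09-03T12:00:00"), ("quarantine",)),
]

# Constructed historical events as JSON lines; one is older than the lookback window,
# one spells the domain in upper case with a trailing dot, one carries an upper-case hash.
EVENT_LOG = """\
{"ts": "2022-07-01T09:12:00", "host": "ws-17", "dst_ip": "198.51.100.23", "domain": null, "sha256": null}
{"ts": "2022-08-20T14:05:00", "host": "ws-04", "dst_ip": "198.51.100.23", "domain": null, "sha256": null}
{"ts": "2022-08-28T03:41:00", "host": "srv-02", "dst_ip": "203.0.113.9", "domain": "UPDATES-CDN.EXAMPLE.", "sha256": null}
{"ts": "2022-09-01T17:20:00", "host": "ws-11", "dst_ip": "203.0.113.44", "domain": "www.example.org", "sha256": "%s"}
""" % ("A" * 64)

# Assumed schema: which event field holds which observable type.
FIELD_TYPES = {"dst_ip": "ip", "domain": "domain", "sha256": "sha256"}


def parse_events(text):
    """Parse JSON-lines events and convert their timestamps to datetimes."""
    events = []
    for line in text.splitlines():
        if line.strip():
            rec = json.loads(line)
            rec["ts"] = T(rec["ts"])
            events.append(rec)
    return events


def retrospective_search(events, indicators, window_start, window_end):
    """Match every event inside [window_start, window_end] against the indicators.
    Each match carries the indicator's response tags so a downstream control can act."""
    index = {(i.itype, i.value): i for i in indicators}
    matches = []
    for ev in events:
        if not (window_start <= ev["ts"] <= window_end):
            continue
        for field_name, itype in FIELD_TYPES.items():
            raw = ev.get(field_name)
            if raw is None:
                continue
            hit = index.get((itype, normalize(itype, raw)))
            if hit:
                matches.append({"ts": ev["ts"], "host": ev["host"], "field": field_name,
                                "indicator": hit.value, "tags": hit.tags})
    return matches


def scheduled_run(events, feed, now, last_run, lookback=timedelta(days=30)):
    """One scheduled run: only intelligence added since the last run is new work,
    but it is searched across the whole lookback window so old events are re-evaluated."""
    new_intel = [i for i in feed if i.added > last_run]
    return retrospective_search(events, new_intel, now - lookback, now)


EVENTS = parse_events(EVENT_LOG)

if __name__ == "__main__":
    for m in scheduled_run(EVENTS, FEED, T("2022-09-05T00:00:00"), T("2022-09-01T00:00:00")):
        print(m["ts"].isoformat(), m["host"], m["field"], m["indicator"], m["tags"])
```

Run with the constructed data, the scheduled run on 2022-09-05 (last run 2022-09-01) reports two matches: the upper-case domain on srv-02 and the upper-case hash on ws-11. The IP indicator was already in the feed before the last run, so it is not re-searched, and the July event falls outside the 30-day window. A full search with the whole feed over the same window returns three matches.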
Joe Ariganello

Joe Ariganello is the former VP of Product Marketing at Anomali.