SEKOIA.IO aims to stay as close as possible to the users of the platform, meeting their needs precisely while taking their workflow and user experience into account. In this spirit, the platform keeps reinventing itself and evolving, regularly integrating new features while improving existing ones. This article covers all the new features released in October 2021.
Operation Center: New alert details page
Understanding an alert has never been this easy!
Thanks to the new alert details page you will be able to:
- Get an overview of the reasons why the alert was raised.
- Create a Case from an alert or link it to an existing Case.
- Consult the timeline of actions performed on an alert.
- View and interact with the events linked to the alert.
- Use SEKOIA.IO’s CTI during your investigations.
You can find all details in our documentation!
New feature: The observables page
In addition to the contextualized IoCs provided by the SEKOIA.IO CTI Feed, we now offer a qualified observable database to facilitate your monitoring!
Observables are technical elements structured in STIX and aggregated in our knowledge base. They are not necessarily IoCs, but they facilitate monitoring and investigation. An observable can be part of a threat and can carry contextual information that lets you quickly confirm or dismiss a raised alert.
How to use the Observables?
You need context on a raised alert and cannot find it in the IoC database? Look at the observables page: its tags and relationships will provide information to guide your investigation.
You can find all details in our documentation!
New observables: Dynamic Domains
A list of more than 5,000 dynamic domains has been added to the SEKOIA.IO Observables database. Dynamic domains are regularly used maliciously by threat actors or malware.
It is complemented by a new detection rule, Dynamic DNS contacted, with a “Master” effort level: once activated, the rule usually needs to be contextualized in order to reduce the false positive rate.
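To make the contextualization point concrete, here is an added illustration of the kind of matching such a rule performs over DNS query logs. This is example code written for this article, not SEKOIA.IO's rule or its observables database: the dynamic-DNS provider list, the allowlist and the log lines are all constructed sample data, and the JSON field names (`ts`, `client`, `query`) are assumptions. The allowlist stands in for the tenant-specific contextualization that reduces false positives, and matching is done on label boundaries so that a look-alike domain does not trigger a false hit.

```python
"""Matching DNS query logs against a dynamic-DNS domain list.

Added illustration, not SEKOIA.IO code: a minimal version of what a
"Dynamic DNS contacted" style rule does, with an allowlist standing in
for the contextualization step that reduces false positives.
The domain list, allowlist and log lines below are constructed sample data.
"""
import json
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample list of dynamic-DNS provider domains (assumption:
# a real rule would draw this from an observables database).
DYNAMIC_DNS_DOMAINS = {
    "dyndns-example.test",
    "noip-example.test",
    "duckdns-example.test",
}

# Constructed sample allowlist: hostnames the organisation already knows.
# This is where the per-tenant contextualization of the rule happens.
KNOWN_GOOD_HOSTS = {
    "vpn.corp-branch.dyndns-example.test",
}


@dataclass(frozen=True)
class Match:
    timestamp: str
    client: str
    query: str
    provider: str


def dynamic_provider(fqdn: str) -> Optional[str]:
    """Return the dynamic-DNS provider domain `fqdn` falls under, or None.

    Matching walks label boundaries, so 'evil-duckdns-example.test' does not
    match 'duckdns-example.test', and the provider apex itself (e.g. the
    provider's own website) is not reported as a client-registered host.
    """
    labels = fqdn.rstrip(".").lower().split(".")
    # Start at the second label: a hit needs at least one label in front of
    # the provider domain, i.e. a host registered under it.
    for i in range(1, len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in DYNAMIC_DNS_DOMAINS:
            return candidate
    return None


def detect_dynamic_dns(log_lines: List[str]) -> List[Match]:
    """Run the rule over JSON DNS query events and return the hits."""
    matches = []
    for line in log_lines:
        event = json.loads(line)
        query = event["query"].rstrip(".").lower()
        provider = dynamic_provider(query)
        if provider is None:
            continue
        if query in KNOWN_GOOD_HOSTS:
            continue  # contextualized away: a known, expected host
        matches.append(Match(event["ts"], event["client"], query, provider))
    return matches


# Constructed sample DNS query events (field names are assumptions).
SAMPLE_LOGS = [
    '{"ts": "2021-10-05T08:00:01Z", "client": "10.0.0.21", "query": "www.example.test"}',
    '{"ts": "2021-10-05T08:00:07Z", "client": "10.0.0.21", "query": "update.duckdns-example.test"}',
    '{"ts": "2021-10-05T08:00:09Z", "client": "10.0.0.33", "query": "vpn.corp-branch.dyndns-example.test"}',
    '{"ts": "2021-10-05T08:00:12Z", "client": "10.0.0.33", "query": "evil-duckdns-example.test"}',
    '{"ts": "2021-10-05T08:00:15Z", "client": "10.0.0.40", "query": "duckdns-example.test"}',
    '{"ts": "2021-10-05T08:00:19Z", "client": "10.0.0.40", "query": "PAYLOAD.NoIP-Example.TEST."}',
]

if __name__ == "__main__":
    for hit in detect_dynamic_dns(SAMPLE_LOGS):
        print(f"{hit.timestamp} {hit.client} contacted {hit.query} (provider: {hit.provider})")
```

On the sample above only two events are reported: the host under `duckdns-example.test` and the mixed-case query under `noip-example.test`. The allowlisted VPN host, the look-alike domain and the bare provider apex are all left out, which is exactly the kind of tuning the “Master” effort level refers to.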
New exclusive source: SEKOIA Twitter Watcher
We have created a new source, “SEKOIA Twitter Watcher”, that automatically retrieves IoCs from a qualified list of relevant Twitter accounts sharing technical CTI on current threats.