Threat intelligence is the information organizations use to understand the global cyber threats that may target them, and to keep track of the attacks happening around the world.
The SIRP Threat Intelligence module helps security teams mitigate risks, bolster incident response, and enhance their overall security ecosystem. This module enables security analysts to ingest and explore threat advisories and to verify whether each one applies to their organization.
Pending
This is the list of all ingested threat advisories (from various sources) that still have to be reviewed by an analyst.
To access advisories currently in the Pending state, go to the Main Menu, select Threat Intelligence, and click on Pending.
Main Menu > Threat Intelligence > Pending
You can also view the details of any record, or Edit/Delete it, by clicking the respective icons under the Actions column.
If you wish to add an advisory, click on the Create Threat Intelligence button at the top left corner.
Fill in the following information on the next page:
Title: Title of advisory
Receive Date: The date when the advisory was received
Release Date: The actual date on which the advisory was released, i.e. when its status was changed from Pending to Release
Severity:
Low
Medium
High
Category:
Data Breach
Information Update
Phishing
Social Engineering
Vulnerability, etc.
Asset/Type:
Asset: Choose this option if you are tagging a single Asset in this advisory.
Asset Type: Choose this option if you are tagging an Asset Type (a group comprising multiple assets) in this advisory.
Asset Type: Select the asset type to which the advisory pertains (the list of available types can be changed from the Admin section).
Department: Select the relevant department (the list of departments can be changed from the Admin section).
Type: The type of advisory that’s being created:
Advisory
Alert
Informative Update
Update
Status:
Pending
Release
Analysis Summary: Enter important information about the threat
Description: Provide a brief description of the advisory
Indicators of Compromise: Add artifacts such as:
Hashes
IP Addresses
Email addresses
Domains
URLs, etc.
Affected Vendors: In case of a patch-related advisory, select the vendor of the affected product
Affected Products: Select the exact product for which the advisory is being released
Impact: Describe the potential impact of the threat
Remediation: Provide suggested remediation. For example, apply patches, upgrade software versions, etc.
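The advisory record described by the fields above, together with its Pending-to-Release transition and the sorting of added artifacts into the form's IoC categories, as an added example (not SIRP's own code or API; the class, field names, regular expressions and sample values are assumptions, and the hash pattern only covers MD5/SHA-1/SHA-256 hex digests):

```python
import ipaddress
import re
from dataclasses import dataclass, field
from datetime import date

# Form values from the field list above; IoC regexes are constructed approximations.
SEVERITIES = {"Low", "Medium", "High"}
TYPES = {"Advisory", "Alert", "Informative Update", "Update"}
HASH_RE = re.compile(r"^(?:[0-9a-fA-F]{32}|[0-9a-fA-F]{40}|[0-9a-fA-F]{64})$")
EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")
DOMAIN_RE = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)(?:\.[A-Za-z0-9-]{1,63})+$")
PATTERNS = (("Hashes", HASH_RE), ("Email address", EMAIL_RE), ("Domains", DOMAIN_RE))

def classify_ioc(value: str) -> str:
    """Sort one artifact into the form's IoC buckets; unknown shapes are rejected."""
    v = value.strip()
    try:
        ipaddress.ip_address(v)          # IPv4 or IPv6, parsed rather than pattern-matched
        return "IP Addresses"
    except ValueError:
        pass
    if "://" in v:
        return "URLs"
    for kind, pattern in PATTERNS:
        if pattern.match(v):
            return kind
    raise ValueError(f"unrecognised indicator: {value!r}")

@dataclass
class Advisory:
    title: str
    severity: str
    advisory_type: str
    receive_date: date
    status: str = "Pending"             # every new advisory starts in Pending
    release_date: "date | None" = None  # set only when status moves to Release
    iocs: dict = field(default_factory=dict)

    def __post_init__(self) -> None:
        if self.severity not in SEVERITIES or self.advisory_type not in TYPES:
            raise ValueError("severity and type must be values the form offers")

    def add_ioc(self, value: str) -> None:
        self.iocs.setdefault(classify_ioc(value), []).append(value.strip())

    def release(self, on: date) -> None:
        # Pending -> Release: record the date; refuse a second release or a date before receipt.
        if self.status != "Pending" or on < self.receive_date:
            raise ValueError("only a Pending advisory can be released, no earlier than received")
        self.status, self.release_date = "Release", on
```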
Release
This list contains the threat advisories that have been released or circulated within an organization. To access Released advisories, open the Main Menu, select Threat Intelligence, and click on Release.
Main Menu > Threat Intelligence > Release
You can also download a list of all the released advisories by clicking on the icon at the top of the page.
Reports
Click on the Reports button displayed at the top of the page in order to generate a report of the released advisories.
You will be directed to a page where you can generate reports by choosing a date range and clicking on the Generate button.
Cases
You can click on the Cases button displayed at the top of the page to view advisory-related cases.
The All tab shows all cases aggregated together, while the Incident, Threat Intell Case and VM Cases tabs show the cases separated by container.