	> customer > 공지사항

제목

[기본] [Anomali] Anomali Product Update

날짜

2020.04.24 11:29

글쓴이

관리자

조회

1523

Anomali Product Update 4월 에디션이 아래와 같이 릴리스 되었습니다.

Integrator에서는 VMWare Cabon Black Cloud Enterprise EDR이, ThreatStream에서는 FireEye 피드 셀프 서비스가 추가되었습니다.

자세한 내용은 아래에서 확인할 수 있습니다.

Product update email bg

Welcome to the April edition of the Anomali Product Update, where we provide you with the latest and greatest news for Anomali solutions.

Integrator Update

Integrator 7.0.0
Integrator 6.9.6
VMWare Carbon Black Cloud Enterprise EDR - Integrator Extension

ThreatStream Updates

ThreatStream Cloud

Diamond Model Attributions in Investigations
New Permission Controls for Onboarding Emails
Email Distribution Groups for Keyword Alerts
Associate Vulnerabilities in an Import Session
Reporting Enhancements: Templates and Export
Parameterized URL Support
Sources Improvements

VMRay Commercial
FireEye Feeds Self-Service
New Feed Engines

Anomali Lens

Anomali Lens in ThreatStream

Integrator Update

Integrator 7.0.0

Integrator 7 has just been released. This major release marks a new milestone for Integrator, with a completely new user interface, improved usability, along with updates to the supported integrations.

Integrator 7 also comes with updated OS support, with Windows 2016 and Windows 2019 now supported.

The release and documentation are available in the ThreatStream downloads page under latest feature release in ThreatStream Integrator.

Integrator 6.9.6

With the release of Integrator 7, we have designated Integrator 6.9.6 as our recommended stable release. This will be supported until the end of December 2020 and maintains support for operating systems deprecated by the Integrator 7 release.

A note on upgrading to 6.9.6 when using Snapshot: By default, the ThreatStream Splunk App uses port 8089 to download the Snapshot. Please ensure that your firewall allows connections from the Splunk server where the Splunk App is installed to this port on Integrator.

You can find instructions within ThreatStream Integrator Install Admin Guide required to change the default port if port 8089 is already in use, use the procedure detailed under "Reconfiguring the Snapshot Port".

apr1

VMWare Carbon Black Cloud Enterprise EDR - Integrator Extension

A new integrator extension has been released, which allows you to push your threat intelligence into the VMWare Carbon Black Cloud Enterprise EDR platform, using either a full delta sync option.

For more information, please download the extension and user guide from the ThreatStream downloads page.

ThreatStream Updates

ThreatStream Cloud

Diamond Model Attributions in Investigations

With this enhancement, users can assign any investigation entity to any feature on the diamond model in investigations.

apr2

New Permission Controls for Onboarding Emails

With this enhancement, new ThreatStream users will be able to see the permissions they have access to on ThreatStream when they receive their onboarding email.

apr3

Email Distribution Groups for Keyword Alerts

With this enhancement, users can specify the recipients of the keyword alerts by choosing a specific workgroup.

apr4

Associate Vulnerabilities in an Import Session

Users can now associate vulnerabilities (as a threat model type) to entities brought in during import.

apr5

Reporting Enhancements: Templates and Export

ThreatStream has added customizable reporting structures with organization-wide templating, corporate branding and content selection. All users may access templates through the model export dialogue. Ownership determines who can edit / update, or whether users need to “Create New.”

apr6

Parameterized URL Support

Enabled ingesting of URL parameters and sending the information downstream where supported.

apr7

Sources Improvements

Author and source of threat models are now included in the threat models search results table.

apr8

VMRay Commercial

New sandbox integration with similar functionality to the Joe Security implementation.

apr9

FireEye Feeds Self-Service

Users that leverage the FireEye feeds can now configure their feed in the FireEye tile.

apr10

New Feed Engines

Sixgill Darkfeed™ IOC

Premium & Freemium

Fireeye
Cyber New Jersey

Anomali Lens

Anomali Lens in ThreatStream

ThreatStream now provides a builtin version of the Anomali Lens browser plugin— the cybersecurity industry’s first natural language processing (NLP) based web content parser. This functionality enables organizations to benefit from Anomali Lens within ThreatStream, without needing to install the plugin.

apr11

Thank you for being an Anomali customer.
Please contact support@anomali.com for more information.