Our latest 6.1 release includes several upgrades to both Pulsedive Community and Enterprise TIP offerings that enhance threat tracking and analysis, introduce flexible admin configuration options, and create a more frictionless user experience. Read on to learn what's new and improved - with plenty of visual examples.
- Glean More from Threat & Feed Pages
- Get Inspired in Explore
- Customize It: Enterprise TIP (Admins)
- Easy Data Management in Enterprise TIP
- Other Improvements
Glean More from Threat & Feed Pages
For all of our users, we've added ways to do more with Indicators, Threats, Feeds, and Explore.
Shared Indicator Screenshots are now available across associated indicators on Threat and Feed pages. If a picture tells a thousand words, the same picture used across several known indicators of compromise may tell a thousand more. See examples in the Screenshots section of our Phishing threat page.
We've also added new and improved ways to review Shared Indicator Attributes and Properties to better analyze and correlate technical infrastructure and behavior.
Users can pivot directly to an Indicator Explore Query from a Threat or Feed page. From there, add filters, properties, attributes and more using wildcards and Boolean logic to create detailed searches for deeper analysis and quickly export results.
Get Inspired in Explore
Speaking of Explore, dive in with popular search queries and filters for both indicators and threats.
It takes one click to add risky indicators, recently seen indicators, and more to your Explore query. Plus, try more detailed searches under our new Example Use Cases section.
Similar to indicators, you can now add popular threat queries to see all threats in Pulsedive, threats from MITRE ATT&CK, or threats tagged with specific technologies.
Customize It: Enterprise TIP (Admins)
For Enterprise TIP users, 6.1 comes with numerous ways to tailor and tune your platform. Under the new Rules interface for all Admin roles, you can add new attribute types, set aging rules, edit STIX input mapping, and even create new threat categories.
The introduction of Custom Attribute Types allows for flexible tagging across indicators and threats, with regex validation. This makes it easier than ever to adapt Pulsedive's TIP to your own tracking, categorization, and automation across your security tech stack workflows. Custom attributes created in your TIP will immediately show up across the platform.
Custom Aging Rules determine how and when indicators are automatically retired based on time, activity, type, and risk level.
Editable STIX Input Mapping determines how STIX objects are mapped to Pulsedive threat categories as they are ingested into the platform.
Continuing from above, Admins can now create, monitor, and edit Threat Categories.
Together, these powerful Admin controls help keep your threat intelligence knowledge base curated, consistent, and convenient to use.
Easy Data Management in Enterprise TIP
In addition to new ways to structure your data, we've also improved indicator and threat updating capabilities. Under Explore for Enterprise TIPs, query and select indicators to update in bulk. Add comments, edit risk level, add/remove data, and retire/activate thousands of indicators with one click.
Adding and removing data includes Pulsedive threats and attributes like host types, ports, protocols, tactics, techniques, and technologies. New custom attributes will show up as well.
Looking to monitor a new threat? Enterprise users now have the ability to add a threat from a convenient modal. Include aliases, categories, and a risk score.
Once a threat is created, edit and add key information like country code and industry, related threats, and primary references in real time.
Pulsedive automatically pulls in related references from STIX feeds, reputable news, and blog sources to all existing threats. Now, you can add your own as well.
Other Improvements
As with our other releases, we've included many UI and backend performance updates. These quality of life enhancements include, but are not limited to:
- Dark and light theme updating across tabs and windows
- Rewritten and improved performance/reliability with Explore queries
- Improved hash searching and handling for Enterprise TIP environments
- Clearer iconography (e.g. retired and active indicators)
- More intuitive and legible auto-complete suggestions when searching from the home page, dashboard, or top right search bar
- More intuitive instructions for scanning and submitting on indicator pages
- Minor UI bug fixes
- A refreshed home page :)
Like the changes? Have a suggestion for our next release? Get in touch at firstname.lastname@example.org.