Announcing: Pulsedive 6.2

Pulsedive's latest release streamlines your threat intelligence workflow with enhanced threat research, revamped TTPs, and Enterprise benefits.

Announcing: Pulsedive 6.2

No tricks, just treats from Pulsedive this Halloween season. We're pleased to announce a minor version update to the Pulsedive platform, aimed at providing more information in fewer steps across your threat intelligence workflows. From heftier threat pages to boosts for Enterprise customers, this update directly addresses several great suggestions and requests from our users.

Enhanced Threat Research

Informative Highlights

Pulsedive's Highlights section at the top of every threat page now includes:

  • Suspected Attributions by Country
  • Target Industries
  • Associated Tactics, including those inferred by Technique and Sub-Technique attributes

Searchable Threat Attributes

Clicking on any Highlights on a threat page will take you to the full Attributes section. From there, you can now pivot on each attribute tag, which will create an Explore query for further filtering, pivoting, or export.

💡
Learn how get the most out of Explore with our Explore Guides for both Indicators and Threats.

Restructured TTPs

The previous Tactics & Techniques matrix is now higher up on the page for quicker access, with a separate Attributes section containing Tactic and Technique attribute tags. These two formats support different research needs: 1) navigating attack progression with all techniques and sub-techniques nested under their respective tactics, and 2) broken out in alphabetical order for focused search and pivoting.

Analyst Notes

Users can now benefit from Analyst Notes populated by Pulsedive Threat Research and vetted Pulsedive Contributors. Where added, Analyst Notes provide additional context to any descriptions from MITRE ATT&CK.

Example for Agniane Infostealer. Learn more about Agniane in our Research Blog (https://blog.pulsedive.com/analyzing-agniane-stealer/).
⚠️
If you see any inaccurate threat descriptions when using Pulsedive, make sure to reach out to support@pulsedive.com.

Target Industries & Suspected Attribution

We're expanding data that users can find on Pulsedive threat pages by adding Target Industries and Suspected Attribution.

Pulsedive Target Industry tags primarily reference the STIX 2.1 Industry Sector Vocabulary. Below is a table mapping STIX 2.1 and Pulsedive industries.

Target Industries
STIX 2.1 Pulsedive
agriculture Agriculture
aerospace Aerospace
automotive Automotive
chemical Chemical
commercial Commercial
communications Communications
construction Construction
defense Defense
education Education
energy Energy
entertainment Entertainment
financial-services Financial Services
government Government
emergency-services Emergency Services
government-local Government-Local
government-national Government-National
government-public-services Government-Public Services
government-regional Government-Regional
healthcare Healthcare
hospitality-leisure Hospitality Leisure
infrastructure Infrastructure
dams Dams
nuclear Nuclear
water Water
insurance Insurance
manufacturing Manufacturing
mining Mining
non-profit Non-profit
pharmaceuticals Pharmaceuticals
retail Retail
technology Technology
telecommunications Telecommunications
transportation Transportation
utilities Utilities
n/a Home Users
n/a Opportunistic (non-targeted)

Suspected Attribution is added by 2-letter country codes, consistent with IBAN Country Codes.

Below is an example of using Explore to query threats by suspected attribution.

Explore - Pulsedive
Search, filter, and pivot on IOCs by risk, threats, feeds, WHOIS, DNS, HTTP headers, country, and more using Pulsedive.

Enterprise TIP Benefits

Search Submissions by User

Admins can search for IOC and threat submissions by username in Explore using the "username=" search term to simplify tracking, editing, and sharing.

Meaningful Threat Profiles

All Community Platform updates to threats pages, as described above, are also included in Enterprise TIP instances.

Enterprise users can create and edit private Analyst Notes to keep track of proprietary research and insights relevant for your organization.

Along with Industry Targets, Suspected Attribution, Comments, References, and more, Pulsedive threat pages are now highly customizable and a robust single source of truth for your tracked threats.

Other UI and Performance Improvements

  • Streamlined and improved formatting for Comments and Properties throughout the platform
  • New Submit confirmation on IOC pages, including the ability to add a comment (all registered users) or adjust attributes and risk score (Enterprise TIP customers) before submission

We hope you find these enhancements valuable and look forward to your feedback as we continue fine-tuning existing features and releasing new functionality for our users.

Post Credit Scene - Help out with Research on CTI Collaboration

Don't forget to lend a hand to the CTI community by participating in the CTI Networking Survey before Thanksgiving. Sharing your perspective and insights will help define and refine the world of threat intelligence collaboration.

ℹ️
This research is a follow-up to the inaugural survey from 2022. Check out the full report here, or watch the SANS CTI Summit talk here.