No tricks, just treats from Pulsedive this Halloween season. We're pleased to announce a minor version update to the Pulsedive platform, aimed at providing more information in fewer steps across your threat intelligence workflows. From heftier threat pages to boosts for Enterprise customers, this update directly addresses several great suggestions and requests from our users.
Enhanced Threat Research
Pulsedive's Highlights section at the top of every threat page now includes:
- Suspected Attributions by Country
- Target Industries
- Associated Tactics, including those inferred by Technique and Sub-Technique attributes
Searchable Threat Attributes
Clicking on any Highlight on a threat page takes you to the full Attributes section. From there, you can now pivot on each attribute tag, which creates an Explore query for further filtering, pivoting, or export.
The previous Tactics & Techniques matrix is now higher up on the page for quicker access, with a separate Attributes section containing Tactic and Technique attribute tags. These two formats support different research needs: 1) the matrix nests all techniques and sub-techniques under their respective tactics for navigating attack progression, and 2) the attribute tags are broken out in alphabetical order for focused search and pivoting.
Users can now benefit from Analyst Notes populated by Pulsedive Threat Research and vetted Pulsedive Contributors. Where added, Analyst Notes provide additional context to any descriptions from MITRE ATT&CK.
Target Industries & Suspected Attribution
We're expanding data that users can find on Pulsedive threat pages by adding Target Industries and Suspected Attribution.
Pulsedive Target Industry tags primarily reference the STIX 2.1 Industry Sector Vocabulary. Below is a table mapping STIX 2.1 and Pulsedive industries.
Suspected Attribution is recorded as 2-letter country codes, consistent with IBAN Country Codes.
Below is an example of using Explore to query threats by suspected attribution.
Enterprise TIP Benefits
Search Submissions by User
Admins can search for IOC and threat submissions by username in Explore using the "username=" search term to simplify tracking, editing, and sharing.
Meaningful Threat Profiles
All Community Platform updates to threat pages, as described above, are also included in Enterprise TIP instances.
Enterprise users can create and edit private Analyst Notes to keep track of proprietary research and insights relevant to their organization.
With Industry Targets, Suspected Attribution, Comments, References, and more, Pulsedive threat pages are now highly customizable and serve as a robust single source of truth for your tracked threats.
Other UI and Performance Improvements
- Streamlined and improved formatting for Comments and Properties throughout the platform
- New Submit confirmation on IOC pages, including the ability to add a comment (all registered users) or adjust attributes and risk score (Enterprise TIP customers) before submission
We hope you find these enhancements valuable and look forward to your feedback as we continue fine-tuning existing features and releasing new functionality for our users.
Post Credit Scene - Help out with Research on CTI Collaboration
Don't forget to lend a hand to the CTI community by participating in the CTI Networking Survey before Thanksgiving. Sharing your perspective and insights will help define and refine the world of threat intelligence collaboration.