4 Main components of SOD’s ThreatWatch 5.2 Release
We are pleased to announce version 5.2, a major upgrade to our Advanced Threat & Log Analysis Service (aka ThreatWatch), which arrives at the end of the month on June 30, 2020.
Key Enhancements & Capabilities
The 5.2 upgrade includes many new capabilities and enhancements, which are summarized below.
1. Enhanced Client Experience
The client portal adds the ability to filter and sort data on the fly, exposes additional data fields, and improves performance. The new menu structure offers new pages and functionality according to the service options included in the ATLAS service.
2. Reporting Enhancements
There are numerous enhancements to reporting, which include improved document handling, stability fixes, and formatting improvements. There are also saved views and scheduled reporting capabilities in the Log Summary and Localized Summary portal pages.
3. New 3rd Party Integrations
New 3rd party integrations are supported, including log sources which connect via an API to the vendor’s cloud services. Additional enhancements have been added to AWS and Azure public cloud environments to improve alerting and threat detection use cases.
4. Threat Detection Upgrades
Numerous threat detection upgrades and enhancements are provided, including the following:
- User/Asset Behavior – new Events of Interest added to the timeline analysis
- Hostname correlation for asset behavior analysis
- Scan Surveillance enhancements – improved detection of external scanning, pen testing, attacker behavior and active scanning
- Query and service performance – significant back-end enhancements around threat detection, performance, and data exposure
- Enhancements to our Unsupervised Anomaly Detection – new cutting-edge machine learning based detection of advanced threats that analyzes raw log data instead of alert data, which removes human bias and can better find hidden threats