Threat Intelligence
Threat Intelligence (TI) fetches information and insights about existing or potential cyber threats and risks from various sources. It then assembles, processes, and analyzes the fetched information and uses it to predict data breaches, vulnerable attacks, and any evidence of pre-planned attacks or threats, and notifies you about them in real time. You can also link custom threat data sources and fetch and analyze their logs.
Threat Intelligence for Director Console UI
Threat Intelligence for Director Console API
Download
Package Details
Threat Intelligence Components:
- Enrichment Source
  - ThreatIntelligence
- Process Command
  - ti
- Dashboard Package
  - LP_Threat Intelligence
- Alert Packages
  - LP_Threat Intel Internal Machine Connecting to Multiple IOCs
  - LP_Threat Intel Excessive Denied Connections Attempt from IOC
  - LP_Threat Intel Connections with Suspicious Domains
  - LP_Threat Intel Allowed Connections from Suspicious Sources
  - LP_Threat Intel IOC Connecting to Multiple Internal Machines
Enhancement
Updated packages to address identified vulnerabilities.
Past Releases
Threat Intelligence v6.4.0
Threat Intelligence for Director Console UI
Threat Intelligence for Director Console API
Enhancement
The following columns are added to the threat intelligence table:
Column | Issue ID | Reference ID |
---|---|---|
Confidence: indicates reliability, helping prioritize high-confidence threats for quicker action while reducing false positives. | PLUG-15718 | - |
ASN: provides insight into the source, enabling more accurate threat attribution and proactive defence measures. | - | |
Tag: facilitates threat categorization, allowing for better organization, filtering, and retrieval of relevant threat data during investigations. | - | |
Threat Intelligence v6.3.1
Threat Intelligence for Director Console UI
Threat Intelligence for Director Console API
Bug Fix
Description | Issue ID | Reference ID |
---|---|---|
With the MongoDB update, the database commands that Threat Intelligence used to fetch logs were discontinued, preventing it from fetching logs. | PLUG-13247 | - |
Threat Intelligence v6.3.0
Threat Intelligence for Director Console UI
Threat Intelligence for Director Console API
Enhancement
Description | Issue ID | Reference ID |
---|---|---|
Threat Intelligence is now compatible with Logpoint v7.5.0 and later. | - | - |
Threat Intelligence v6.2.1
Threat Intelligence for Director Console UI
Threat Intelligence for Director Console API
Enhancement
Description | Issue ID | Reference ID |
---|---|---|
Threat Intelligence is now compatible with Logpoint v7.4.0 and later. | - | - |
Threat Intelligence v6.1.2
Release version: 6.1.2
Release Date: March 7, 2024
Supported On: Logpoint v6.12.2 and later
Download: ThreatIntelligence_6.1.2.pak
SHA256: e3ebd2619fc218954aad3d9245847d08ddab374c61ec8e2777cc4222d20eac90
Documentation:
Threat Intelligence for Logpoint
Threat Intelligence for Director Console UI
Threat Intelligence for Director Console API
Bug Fixes
The following issues are fixed:
Description | Issue ID | Reference ID |
---|---|---|
Threat Intelligence failed to fetch logs from the free MISP feed hosted on the Nginx server. | PLUG-10995 | 79452, 80526 |
The Base URL entered during the configuration of Custom CSV was not properly validated, which could lead to potential security issues. | PLUG-11300 | |
Support
If you have any queries or require assistance, please feel free to contact our support team:
Email: servicedesk@logpoint.com
Phone: +45 7060 6100