Threat Intelligence
Threat Intelligence (TI) fetches information and insights about existing or potential cyber threats and risks from various sources. It then assembles, processes, and analyzes the fetched information and uses it to predict data breaches, vulnerable attacks, and any evidence of pre-planned attacks or threats, and notifies you about them in real time. You can also link custom threat data sources and fetch and analyze their logs.
Threat Intelligence for Director Console UI
Threat Intelligence for Director Console API
Package Details
Threat Intelligence Components:
- Enrichment Source
  - ThreatIntelligence
- Process Command
  - ti
- Dashboard Package
  - LP_Threat Intelligence
- Alert Packages
  - LP_Threat Intel Internal Machine Connecting to Multiple IOCs
  - LP_Threat Intel Excessive Denied Connections Attempt from IOC
  - LP_Threat Intel Connections with Suspicious Domains
  - LP_Threat Intel Allowed Connections from Suspicious Sources
  - LP_Threat Intel IOC Connecting to Multiple Internal Machines
Bug Fix
The following bug has been fixed:
| Description | Issue ID | Reference ID |
|---|---|---|
| With the MongoDB update, the database commands that Threat Intelligence used to fetch logs were discontinued, preventing it from fetching logs. | PLUG-13247 | - |
Past Releases
Threat Intelligence v6.3.0
Threat Intelligence for Director Console UI
Threat Intelligence for Director Console API
Enhancement
| Description | Issue ID | Reference ID |
|---|---|---|
| Threat Intelligence is now compatible with Logpoint v7.5.0 and later. | - | - |
Threat Intelligence v6.2.1
Threat Intelligence for Director Console UI
Threat Intelligence for Director Console API
Enhancement
| Description | Issue ID | Reference ID |
|---|---|---|
| Threat Intelligence is now compatible with Logpoint v7.4.0 and later. | - | - |
Threat Intelligence v6.1.2
Release version: 6.1.2
Release Date: March 7, 2024
Supported On: Logpoint v6.12.2 and later
Download: ThreatIntelligence_6.1.2.pak
SHA256: e3ebd2619fc218954aad3d9245847d08ddab374c61ec8e2777cc4222d20eac90
Documentation:
Threat Intelligence for Logpoint
Threat Intelligence for Director Console UI
Threat Intelligence for Director Console API
Bug Fixes
The following issues are fixed:
| Description | Issue ID | Reference ID |
|---|---|---|
| Threat Intelligence failed to fetch logs from the free MISP feed hosted on the Nginx server. | PLUG-10995 | 79452, 80526 |
| The Base URL entered during the configuration of Custom CSV was not properly validated which could lead to potential security issues. | PLUG-11300 | |
Threat Intelligence v6.1.1
Release version: 6.1.1
Release Date: June 20, 2023
Supported On: Logpoint v6.12.2 and later
Download: ThreatIntelligence_6.1.1.pak
SHA256: 303f65411e0caf7b5f7cdf1b87fa52f7550c3867982ee5c709e4069b238885ad
Documentation:
Threat Intelligence for Logpoint
Threat Intelligence for Director Console UI
Threat Intelligence for Director Console API
Enhancement
| Description | Issue ID | Reference ID |
|---|---|---|
| The hash field in Threat Intelligence now consists of the SHA256 hash for malware hashes from Blueliv. | PLUG-9474 | 70742 |
Bug Fixes
The following issues are fixed:
| Description | Issue ID | Reference ID |
|---|---|---|
| Fields with no values have been removed from the search results. | PLUG-9474 | 70742 |
| The URL for the malware category of Blueliv is corrected to /lastday. | PLUG-9474 | 70742 |
Threat Intelligence v6.1.0
Enhancement
- A minor update has been made to the application's normalizer for better signature handling.
Support
If you have any queries or require assistance, please feel free to contact our support team:
Email: servicedesk@logpoint.com
Phone: +45 7060 6100