diff --git a/_shared_content/intelligence_center/monitor/threat_landscape.md b/_shared_content/intelligence_center/monitor/threat_landscape.md new file mode 120000 index 0000000000..fa961f36a7 --- /dev/null +++ b/_shared_content/intelligence_center/monitor/threat_landscape.md @@ -0,0 +1 @@ +../../../_shared_content/threat_landscape.md \ No newline at end of file diff --git a/_shared_content/threat_landscape.md b/_shared_content/threat_landscape.md new file mode 100644 index 0000000000..a5b718de99 --- /dev/null +++ b/_shared_content/threat_landscape.md 
@@ -0,0 +1,82 @@ +# Threat Landscape + +Sekoia Threat Landscape is our centralised hub for providing actionable insights and trends on cyber threats and adversary activities. + +This capability is updated in real-time, capturing the latest analysis from our TDR team, supported by global telemetry gathered by our XDR technology worldwide. + +The dashboard includes a time filter, set to the last 30 days by default, allowing users to adjust the time frame for trend-type widgets. + +## Latest FLINT reports + +This section offers quick access to the latest and most relevant reports published by our TDR team. These finished intelligence reports are available accessible to all our customers. + +Additionally, these reports provide direct access to their associated IoCs, redirecting users to the list of related indicators (requires Intelligence subscription). + +Note: Only-XDR customers (with ‘Defend’ subscription) will have limited access to details from these reports. Full intelligence access requires an Intelligence subscription. + +## Trending threat entities + +Sekoia Threat Landscape will timely update your team on the latest and most relevant threat entities, providing direct access to our Intelligence database for further analysis. + +These threat entities are manually selected by our TDR team, based on their current relevance and potential impact for your organisation. + +These trending threat entities include the following objects: + +- Trending Malware +- Trending Campaign +- Trending Adversary +- Trending Vulnerability + +## Prevalence trends: Top 5 malware families + +This widget provides real-time visibility into the latest more prevalent malware families. These trends are supported based on our global real-time telemetry. + +Our users can leverage our global time filter, located at the top of the page, to narrow down the applicable time frame. 
+ +Additionally, our XDR users (Defend subscription) can also review malware families that were observed directly in their networks. These occurrences are indicated in the widget via a warning icon. Users can click and pivot into the alert details, for further analysis. + +## Prevalence trends: Top 5 MITRE techniques + +Similarly to the ‘Top 5 Malware’ widget (see above), this view provides real-time visibility into the latest more prevalent MITRE techniques. These trends are also supported based on our global real-time telemetry. + +Our users can leverage our global time filter, located at the top of the page, to narrow down the applicable time frame. + +Additionally, our XDR users (Defend subscription) can also review MITRE techniques that were observed directly in their networks. These occurrences are indicated in the widget via a warning icon. Users can click and pivot into the alert details, for further analysis. + +## Adversary Activity Trend + +This widget offers a strategic overview of the overall prevalence of the most significant threat actors. + +It enables users to promptly identify rising threat actors (highlighted in green within the widget) based on spikes in their threat activity, infrastructure, and attack volume. Conversely, users can discern declining adversaries in terms of threat activity (highlighted in red). + +The activity trend is depicted based on the prior quarter, with users able to select their desired timeframe using the time filter provided within the widget. + +## Rank-type Top Threat Entities + +This widget presents a current ranking view of the most pertinent threat entities, determined by their recent activity. The list is ranked based on the current volume of associated threat indicators, within the selected time filter. + +This widgets provide a rank view of the following objects: + +- Top Adversaries +- Top Malware families. 
+- Top tools +- Top latest exploited vulnerabilities + +## Adversaries reports + +This table-type widget offers a real-time overview of the most recent and pertinent reports generated by our TDR team, updating on specific threat actors. + +Note: Only customers with an Intelligence subscription will have access to the full details of the reports. + +## Top Threats + +This table provides a global overview of the most prevalent threat objects, based on their threat volume (i.e. number of current associated indicators). + +This widget supports a wider list of threat objects, including Malware families, MITRE techniques Adversaries and Tools. An integrated filter allows our users to filter out their search. + +This table provides visibility into the filtered threat objects, including details around: + +- Total historic threat volume (associated indicators). +- Past week activity (associated indicators). +- Impact, referring to threat objects observed in your network (only for XDR customers). +- And Reports, providing link to further details (require Intelligence subscription). diff --git a/docs/xdr/features/report/threat_landscape.md b/docs/xdr/features/report/threat_landscape.md new file mode 120000 index 0000000000..f5796b62a3 --- /dev/null +++ b/docs/xdr/features/report/threat_landscape.md @@ -0,0 +1 @@ +../../../../_shared_content/threat_landscape.md \ No newline at end of file diff --git a/mkdocs.yml b/mkdocs.yml index 01f9e63522..3b5a0d536e 100644 --- a/mkdocs.yml +++ b/mkdocs.yml @@ -271,6 +271,7 @@ nav: - Query Builder (beta): xdr/features/investigate/query_builder.md - Report: - Dashboards: xdr/features/report/dashboards.md + - Threat Landscape: xdr/features/report/threat_landscape.md - Automate: - Playbooks: xdr/features/automate/index.md - Playbooks On-premises: xdr/features/automate/playbooks-on-premises.md 
@@ -412,6 +413,7 @@ nav: - IOCs Collections: cti/features/consume/ioccollections.md - Monitor: - Dashboards: cti/features/monitor/dashboard.md + - Threat Landscape: cti/features/monitor/threat_landscape.md - External Integrations: - Overview: cti/features/integrations/index.md - API: cti/features/integrations/api.md @@ -456,6 +458,7 @@ nav: - Expiration Rules: tip/features/produce/expiration_rules.md - Monitor: - Dashboards: tip/features/monitor/dashboard.md + - Threat Landscape: cti/features/monitor/threat_landscape.md - External Integrations: - Overview: tip/features/integrations/index.md - API: tip/features/integrations/api.md
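Review bot: The two new `threat_landscape.md` entries are git symlinks (mode 120000) rather than copies or include directives, and symlinks are fragile in a docs repo: on Windows checkouts without `core.symlinks=true` and in some CI container mounts they materialise as a one-line text file containing `../../../_shared_content/threat_landscape.md`, so the built page would show that path instead of the content. Please confirm the docs build in CI follows them, or use whatever include mechanism `_shared_content` already relies on. Minor: the first link climbs out of `_shared_content` and straight back in; `../../threat_landscape.md` resolves to the same file and is easier to read.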
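Review bot: Several wording slips in the new `_shared_content/threat_landscape.md` should be fixed before merge: "These finished intelligence reports are available accessible to all our customers" (keep either "available" or "accessible"), "the latest more prevalent malware families" and the same phrase for MITRE techniques ("most prevalent"), "This widgets provide a rank view" ("This widget provides"), "Malware families, MITRE techniques Adversaries and Tools" (missing comma after "techniques"), and "providing link to further details (require Intelligence subscription)" ("providing a link ... (requires ...)"). The bullet "Top Malware families." is the only list item ending in a period, and the subscription wording alternates between "Only-XDR customers (with 'Defend' subscription)" and "XDR users (Defend subscription)"; one consistent term such as "XDR-only customers (Defend subscription)" would help readers match the note to the widget descriptions.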
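Review bot: The CTI nav entry in the second `mkdocs.yml` hunk points at `cti/features/monitor/threat_landscape.md`, but this patch adds no file at that path; the only new files are the symlinks at `_shared_content/intelligence_center/monitor/threat_landscape.md` and `docs/xdr/features/report/threat_landscape.md`. Unless a build step outside this diff maps `_shared_content/intelligence_center/` onto the `cti/` tree (an assumption on my part), mkdocs will warn that the nav target does not exist and the link will 404; please confirm the mapping or add the missing symlink alongside the XDR one.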
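Review bot: In the third `mkdocs.yml` hunk the TIP entry `- Threat Landscape: cti/features/monitor/threat_landscape.md` uses the `cti/` prefix while every sibling under that Monitor section (`tip/features/monitor/dashboard.md`, `tip/features/integrations/index.md`, ...) uses `tip/`; this reads as a copy-paste from the CTI hunk just above and would route TIP users to a page living in the CTI tree. If the shared page is intended, add a `tip/features/monitor/threat_landscape.md` symlink and point the entry there so the section stays self-consistent.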