Create threat_landscape #1737

Merged: 4 commits, Apr 19, 2024
82 changes: 82 additions & 0 deletions _shared_content/threat_landscape.md
@@ -0,0 +1,82 @@
# Threat Landscape

Sekoia Threat Landscape is our centralised hub for providing actionable insights and trends on cyber threats and adversary activities.

This capability is updated in real-time, capturing the latest analysis from our TDR team, supported by global telemetry gathered by our XDR technology worldwide.

The dashboard includes a time filter, set to the last 30 days by default, allowing users to adjust the time frame for trend-type widgets.

## Latest FLINT reports

This section offers quick access to the latest and most relevant reports published by our TDR team. These finished intelligence reports are available accessible to all our customers.

Additionally, these reports provide direct access to their associated IoCs, redirecting users to the list of related indicators (requires Intelligence subscription).

Note: Only-XDR customers (with ‘Defend’ subscription) will have limited access to details from these reports. Full intelligence access requires an Intelligence subscription.

## Trending threat entities

Sekoia Threat Landscape will timely update your team on the latest and most relevant threat entities, providing direct access to our Intelligence database for further analysis.

These threat entities are manually selected by our TDR team, based on their current relevance and potential impact for your organisation.

These trending threat entities include the following objects:

- Trending Malware
- Trending Campaign
- Trending Adversary
- Trending Vulnerability

## Prevalence trends: Top 5 malware families

This widget provides real-time visibility into the latest more prevalent malware families. These trends are supported based on our global real-time telemetry.

Our users can leverage our global time filter, located at the top of the page, to narrow down the applicable time frame.

Additionally, our XDR users (Defend subscription) can also review malware families that were observed directly in their networks. These occurrences are indicated in the widget via a warning icon. Users can click and pivot into the alert details, for further analysis.

## Prevalence trends: Top 5 MITRE techniques

Similarly to the ‘Top 5 Malware’ widget (see above), this view provides real-time visibility into the latest more prevalent MITRE techniques. These trends are also supported based on our global real-time telemetry.

Our users can leverage our global time filter, located at the top of the page, to narrow down the applicable time frame.

Additionally, our XDR users (Defend subscription) can also review MITRE techniques that were observed directly in their networks. These occurrences are indicated in the widget via a warning icon. Users can click and pivot into the alert details, for further analysis.

## Adversary Activity Trend

This widget offers a strategic overview of the overall prevalence of the most significant threat actors.

It enables users to promptly identify rising threat actors (highlighted in green within the widget) based on spikes in their threat activity, infrastructure, and attack volume. Conversely, users can discern declining adversaries in terms of threat activity (highlighted in red).

The activity trend is depicted based on the prior quarter, with users able to select their desired timeframe using the time filter provided within the widget.

## Rank-type Top Threat Entities

This widget presents a current ranking view of the most pertinent threat entities, determined by their recent activity. The list is ranked based on the current volume of associated threat indicators, within the selected time filter.

This widgets provide a rank view of the following objects:

- Top Adversaries
- Top Malware families.
- Top tools
- Top latest exploited vulnerabilities

## Adversaries reports

This table-type widget offers a real-time overview of the most recent and pertinent reports generated by our TDR team, updating on specific threat actors.

Note: Only customers with an Intelligence subscription will have access to the full details of the reports.

## Top Threats

This table provides a global overview of the most prevalent threat objects, based on their threat volume (i.e. number of current associated indicators).

This widget supports a wider list of threat objects, including Malware families, MITRE techniques Adversaries and Tools. An integrated filter allows our users to filter out their search.

This table provides visibility into the filtered threat objects, including details around:

- Total historic threat volume (associated indicators).
- Past week activity (associated indicators).
- Impact, referring to threat objects observed in your network (only for XDR customers).
- And Reports, providing link to further details (require Intelligence subscription).
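Review bot: several wording slips in the new _shared_content/threat_landscape.md should be fixed before this ships to customers. "available accessible to all our customers" in the "Latest FLINT reports" section has a duplicated adjective; "latest more prevalent malware families" / "latest more prevalent MITRE techniques" in both prevalence sections should read "most prevalent"; "This widgets provide a rank view" under "Rank-type Top Threat Entities" should be "This widget provides a ranked view"; "Malware families, MITRE techniques Adversaries and Tools" in "Top Threats" is missing a comma after "techniques"; and the final bullet "(require Intelligence subscription)" should be "(requires an Intelligence subscription)". The two subscription notes also use inconsistent wording ("Only-XDR customers (with 'Defend' subscription)" versus "XDR users (Defend subscription)"); pick one form since this file is shared across the XDR, CTI and TIP docs.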
3 changes: 3 additions & 0 deletions mkdocs.yml
Expand Up @@ -270,6 +270,7 @@ nav:
- Query Builder (beta): xdr/features/investigate/query_builder.md
- Report:
- Dashboards: xdr/features/report/dashboards.md
- Threat Landscape: xdr/features/report/threat_landscape.md
- Automate:
- Playbooks: xdr/features/automate/index.md
- Playbooks On-premises: xdr/features/automate/playbooks-on-premises.md
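Review bot: the new nav entry points at xdr/features/report/threat_landscape.md, but that page is not part of the changes shown here; only _shared_content/threat_landscape.md is added. Confirm the page file exists (presumably including the shared content) in the remaining commit, otherwise the mkdocs nav will reference a missing file.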
Expand Down Expand Up @@ -411,6 +412,7 @@ nav:
- IOCs Collections: cti/features/consume/ioccollections.md
- Monitor:
- Dashboards: cti/features/monitor/dashboard.md
- Threat Landscape: cti/features/monitor/threat_landscape.md
- External Integrations:
- Overview: cti/features/integrations/index.md
- API: cti/features/integrations/api.md
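Review bot: same remark as for the XDR hunk: cti/features/monitor/threat_landscape.md is referenced from nav but does not appear in this diff, so its existence should be verified before merge. The path itself is consistent with the sibling cti/features/monitor/dashboard.md entry.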
Expand Down Expand Up @@ -455,6 +457,7 @@ nav:
- Expiration Rules: tip/features/produce/expiration_rules.md
- Monitor:
- Dashboards: tip/features/monitor/dashboard.md
- Threat Landscape: cti/features/monitor/threat_landscape.md
- External Integrations:
- Overview: tip/features/integrations/index.md
- API: tip/features/integrations/api.md
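Review bot: the TIP nav entry reuses the CTI path `- Threat Landscape: cti/features/monitor/threat_landscape.md`, whereas every sibling entry in this block (`- Dashboards: tip/features/monitor/dashboard.md`, `- Overview: tip/features/integrations/index.md`) lives under tip/. This looks like a copy-paste slip from the CTI hunk; it should be `tip/features/monitor/threat_landscape.md` with a matching page file, so that the TIP section does not link into the CTI tree.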