Here are the key purposes and benefits of FortiSOAR Threat Intel Management solution:
-
Ingest and Manage Threat Feeds: The solution allows organizations to ingest a wide range of threat intelligence feeds, both paid and open-source, in a user-friendly and normalized format. This helps security teams to collect a vast amount of threat data from various sources in a single, centralized location.
-
Normalization and Data Management: It provides tools and parameters for managing the ingested data, including normalization, categorization, and filtering based on factors such as confidence, TLP (Traffic Light Protocol), severity, expiry, and more. This makes it easier for security analysts to work with the data efficiently.
-
FortiGuard Integration: The integration with FortiGuard, Fortinet's threat intelligence source, offers unlimited access to their threat intelligence database. This integration ensures that organizations have access to high-quality, up-to-date threat intelligence from a trusted source.
-
Actionable Threat Intelligence: The solution facilitates the creation of actionable threat intelligence reports that can be shared with incident response teams, executives, and stakeholders. This helps organizations make informed decisions and respond effectively to security threats.
-
Collaborative Framework: It establishes a collaborative framework where both SOC (Security Operations Center) members and non-SOC stakeholders can request specific threat intelligence based on Priority Intelligence Requirements (PIR). This ensures that threat intelligence efforts are aligned with the organization's needs and objectives.
-
Threat Intelligence Workspaces: Workspaces provide a structured approach to the threat intelligence lifecycle, allowing teams to gather, analyze, and disseminate threat intelligence effectively. This enhances the quality of research and ensures that stakeholders receive relevant information.
-
Integration and Automation: The solution integrates with various tools and datasets, including MITRE ATT&CK Framework and automation engines. This integration enables automation of repetitive tasks and improves the efficiency of threat intelligence processes.
-
Sharing and Collaboration: The ability to share threat intelligence reports and datasets with other security products and tools using STIX/TAXII protocols enhances collaboration across security systems. This ensures that the intelligence gathered can be leveraged by other security solutions.
-
Feed Relationship Management: The solution provides intelligent workflows for linking malicious feeds with indicators and managing indicator reputation. This ensures that organizations can consume threat intelligence effectively and improve the quality of their daily investigations.
FortiSOAR announces release of Threat Intel Management v1.2.1, highlighting the following changes:
- The default FortiGuard ingestion process has been modified. It is recommended to upgrade to Fortinet FortiGuard Threat Intelligence Connector v3.1.2
- The default pull interval for FortiGuard has been adjusted to 1 day to improve performance of FortiGuard in the FortiSOAR environment.
See https://github.com/fortinet-fortisoar/solution-pack-threat-intel-management/tree/release/1.2.1 for more info.
