ThreatSTOP 4.10 Release Includes:

 

A new threat metadata section has been added to the Check IOC results page

  • New metadata details have been added to provide deeper context around an IP address or domain that is blocked by ThreatSTOP. This new section can be found toward the bottom of the Check IOC results page, below the Passive DNS section.
  • This new metadata framework will be leveraged to deliver additional contextual information about IOCs in future releases.

Beta release of the REST API v4.0

  • ThreatSTOP has released its next-generation REST API 4.0 to Beta. The new API delivers a full range of services to manage accounts, devices, policies, user-defined lists and more.
  • We are announcing end-of-life for the legacy ThreatSTOP API to occur by end of December 2016, with no new feature enhancements planned for this legacy API. ThreatSTOP will continue to maintain legacy API functionality and will provide ongoing support for bug fixes and security patches. Customers and partners integrating with the legacy API are strongly encouraged to contact ThreatSTOP for information on the REST API 4.0.

ThreatSTOP public website upgraded from CheckIP to the improved Check IOC

  • ThreatSTOP has upgraded the publicly available CheckIP research tool to our more robust Check IOC research suite. Check IOC allows users to check both IP addresses and domains, delivering richer results. Customers using this free tool are encouraged to sign up for a free trial account to access the fully featured version of Check IOC, which delivers more metadata, passive DNS and a host of additional intelligence.

New Security Policy Target added: DNSTunnel IP Global List

  • A new policy target has been added containing IP addresses observed using DNS tunneling as an exploit. Adding this target to your policy can protect your network from IPs known to attempt tunneling of data through a DNS server, thereby bypassing the network firewall. Attackers frequently use this method for data exfiltration.

The aging process for the MS ISAC security policy target has been modified

  • The threat target MS ISAC has been modified to remove IoC entries after a 7-day period if they are no longer present in the feed. This change is expected to reduce the total IoC count in the target and further reduce the chance of a false positive.

Buzz: Going to RSA 2017? Stop by and see us at booth 2714.