Date: 2018-09-15

Every month, the Threat Grid development team brings you new features and capabilities in the Threat Grid cloud. These past summer months were no different, with some exciting additions that customers have been asking for with increasing interest. Below are the highlights of the new features and capabilities introduced over the summer. We're happy to have recently brought you the following:

MITRE ATT&CK data

MITRE's Adversarial Tactics, Techniques & Common Knowledge (ATT&CK) is a dictionary and a data model for recording and understanding adversary behavior. It allows automated transfer and operationalization of codified TTP information for response, detection, and potentially attribution. The ATT&CK values are tied to behavior indicators and appear in the indicators dictionary, as well as in both the individual sample analysis reports and the downloadable analysis data.

For more information on ATT&CK, see the MITRE ATT&CK page.

Scrubbed Reports

One of Threat Grid's main strengths is its cloud-based nature - all customers can benefit from the submissions of all other customers. However, there are obvious privacy concerns that arise from submitting one's files to the cloud. We have struck a balance between respecting - and enforcing - the privacy requirements of our customers and maximizing the benefit they can get from each other's submissions. We now offer scrubbed reports on private files. These reports omit any identifying information - even the filename - and do not provide any means to download or otherwise view the file contents, but do show the hash, metadata, and associated Behavior Indicators. In the example below, note that the download and resubmit options are disabled, and that only the metadata and indicators are available.

[Attachment]

Monthly Organization Reports

Now users can see, at a glance, how their organization has used Threat Grid over the past month: where the samples came from, the breakdown of the resultant threat scores, and more. The dashboard already allowed a quick visual summary of the last 30 days of usage, but these reports allow you to easily view one month at a time and see month-over-month trends.

False Positive / False Negative reporting

These new controls in the Analysis Report view allow users to quickly and easily submit concerns to Cisco's Research and Efficacy (RET) team for further review. Threat Grid makes decisions based on sample characteristics and behavior alone - and sometimes context matters. Additionally, the automated analysis errs on the side of protecting users from false positives, which can on rare occasions lead to the opposite, a false negative. Users will find this an efficient way to get concerns about potential misclassifications addressed.

Additional new features and improvements

The list above only includes the highlights. Many more UI and platform improvements have been made over the summer months - see the release notes for full details.

Take care, and as I'm fond of saying, make use of Threat Grid to detonate your malware on our network, instead of your own!