Latest Silent Push Updates


Since this blog post was published, we have had many updates; some months we have two new releases. So let us direct you to our knowledge base, where you can read about each release as it happens.

Release notes in the knowledge base

Last week, we deployed a new release with a variety of new features, optimizations and updates that we’re excited to share with you.

The release has three primary areas: 

  • How you group lists of IOCs
  • How you view scored and ranked IOCs
  • How you see additional and in-depth context about an IOC

How you group lists of IOCs 

We’re all familiar with threat data feeds: dynamic or static lists of IOCs provided by third-party vendors or your CTI team. This release takes that notion one step further, introducing a new type of IOC list called a “Collection.” Feeds and Collections are now organized under the concept of “Sources.”  A source can refer to either a collection or a feed. While collections and feeds have many similarities, like being enriched in the Threat Ranking table (detailed below) or similar management functions, there are some key differences: 

  • Collections are a mechanism to gather and save suspicious observables in a draft state among your team. This means a collection can’t be exported to your security software until it’s been promoted to a feed. This new tool will allow you to collect suspicious observables and validate them among your team before pushing them to your SIEM, NGFW, or other tooling.
  • Feeds are dynamic or static sets of IOCs injected into Silent Push from providers like Silent Push, your team, or other feed vendors. Feeds are considered published, so they are ready to be included in any export of IOCs you want to push.

How you view scored and ranked IOCs

The threat ranking table is the first place you land in the app and the primary place to review your enriched stream of observables. The threat ranking table now hosts both the feeds and collections that you’ve selected to show in the Threat Ranking in the Feeds/Collections managers. You can then filter observables in the threat ranking list with either simple or advanced filters, narrowing them down to new, specific lists of IOCs for your purposes. This release includes a major design update to improve usability and increase filterability.

How you see additional and in-depth context about an IOC

Threat Detail

The threat detail view shows additional context and applicable actions for any given IOC. It can be accessed by clicking on a table row in the threat ranking table for a chosen IOC. This release applies a new design system to threat detail and updates verbiage to be more consistent throughout the app. The release also introduces a new enriched indicator: the Curated Feeds History Score, generated based on an IOC’s previous listings on trusted CTI feeds.

Enrich View 

The enrich view is an expanded view of the threat detail, accessible for any observable from the threat ranking or used to enrich any domain, URL, or IP address found in Silent Push’s passive DNS database. This release applies a new design system to this view and greatly expands the contextual data pulled from Silent Push’s passive DNS database.
