Michael Wilson

Extending RSA Live Connect

Discussion created by Michael Wilson Employee on Nov 7, 2016

With the release of Security Analytics 10.6.1, RSA formally introduced the new RSA Live Connect community-based threat intelligence sharing service. This service is a cloud-based threat intelligence service that gathers, correlates, analyzes, and processes threat intelligence across the RSA Security Analytics community. In turn, this intelligence can be leveraged by SA/NW customers during the threat investigation workflow.

As we grow the platform and extend the functionality, we would be very interested in gaining additional insights from you about what you would find most beneficial from this community-based threat intelligence platform. It would be very helpful if you could comment on any of the following:

1.) For a given threat indicator such as IP addresses, domains, and/or file hashes, what are some of the additional metadata associated with those indicators (attribution, associations with other indicators (IPs->files, domains->files, etc.), behavioral characteristics, industries impacted, geo-locations impacted, etc.) that you and your organization would find most beneficial?
2.) Besides providing your risk assessment feedback (safe or risky) on a threat intelligence indicator such as IP addresses, domains, and/or file hashes, what other types of information would you and your organization be willing to provide (geo-location, industry/vertical, creating/applying tags, severity, etc.)?
3.) In SA 10.6.1, the Live Connect threat intelligence can be leveraged during the investigation workflow. Are there other specific areas within the SA/NW application where you and your organization would like to leverage the Live Connect threat intelligence?
