Keeping pace with the evolving threat landscape is no easy for security analysts constantly bombarded with hundreds of emails about new actors, strains of malware, related indicators and mitigation solutions. Cyware Situational Awareness Platform (CSAP) is a multifaceted, 24/7 situational awareness and information-sharing platform for organizations to share alerts in real-time with employees across multiple platforms.
To ease the burden on analysts who share these alerts across their organization, the platform has now been equipped with a new feature that allows them to create new alerts directly from emails with the simple click of a button.
Introducing the new ‘Email Submission’ feature
CSAP’s new ‘Email Submission’ feature allows analysts to set up a mailbox within CSAP that can be used for receiving emails from employees or members. Using this CSAP mailbox, analysts can receive alerts, incidents and threat intelligence sent via email to the predetermined email address(es). Employees, security colleagues and peers can simply send emails with URL and other indicators of compromise (IOCs) to this email address for the security analyst in charge to create a new Situational Awareness alerts seamlessly and efficiently.
How Does it Work?
For instance, a member or company employee sends an email about a piece of malware along with related IoCs like domains, hashes, email addresses, etc. Instead of going through the tedious process of copying and pasting all relevant data to create a new alert, the analyst can simply find the email in the CSAP mailbox and create a new alert with just one click.
The feature quickly parses through the email, collects the relevant threat data (indicators of compromise) and presents it in a consolidated form segregated by IoC type - ready to be sent to recipients. Users also have Cyware’s fang-defang tool on hand to quickly convert any live links (fanged) into a safer format (defanged).
If the email happens to have any attached documents such as reports about the malware, analysts have the option to attach the same files to the alert simply by checking a box.
How Does it Help You?
Equipped with this new feature, CSAP can be leveraged to seamlessly share relevant threat alerts that are acquired via email across an organization in real-time, thereby further boosting its detection and dissemination of new threats, organizational communication, interoperability and security maturity.