Release 2.0 (Oct 2022)
    • 07 Mar 2023

    Summary

    • A completely new menu structure.
    • Improvements across all sections
    • Splunk Cloud compatibility
    • New Microsoft Exchange 0 Day feed and Phishing and Malware Distribution feeds

    1. New Menu Structure

    We’ve re-vamped the user interface to make it easier and quicker to navigate through the app's numerous menus, preferences, profile options and recipes.

    Every feature and menu option that was only visible from the top menu is now fixed on the left-hand side of the app.

    Users are now able to navigate to any section of the Silent Push app from the left-hand menu, including:

    • Threat ranking
    • Filter profiles - no longer accessible solely from the Advanced Filter settings
    • Sources - expanded, with all options visible
    • The Explore menu, including all saved recipes
    • The Silent Push Query Builder is now a separate section in the left-hand menu, with four sub-sections:
      • Private queries
      • Shared queries
      • Templates of pre-defined queries
      • Global queries

    The only menu that is solely accessible from the top navigation bar is the ‘Preferences’ section.

    2. ‘Explore’ Upgrades

    Displaying the number of ‘Explore’ results

    Users are now able to view the number of results for every single query or ‘Explore’ search.

    Previously, users could only ascertain the number of results by paging through the output. Now, whenever you run an ‘Explore’ search or query, Silent Push displays the total number of results once the search has completed.

    On the ‘Explore’ results page, you will see:

    • Results on current page
    • Total Results

    For Query Builder queries, to get the number of results you need to tick the ‘with_metadata’ checkbox. The response then includes:

    • ‘results_returned’ - the number of results returned, as capped by the ‘limit’ field in the query
    • ‘results_total_at_least’ - an approximate lower bound on the total number of results

    3. Changes to SOA analysis

    Silent Push now offers visualization for Start of Authority (SOA) records.

    Once results have been displayed, users can save them as a feed or a collection, monitor any changes, and export the data to a CSV or JSON file for further analysis. You can now look up SOA records from the ‘Explore’ main page, or visualize a PADNS Forward Lookup query with SOA record selected as the search type.

    Here is an example of what you can do with an SOA search: a phishing query that returns a lot of information you can use to find related infrastructure.

    This result can be switched to a tabular view on the ‘Explore’ page by clicking the Visualize button.

    4. Three new feeds

    If you look in Sources > Feeds, you’ll notice we’ve added three new feeds of major importance:

    1. Phishing and Malware Distribution IPs
    2. Phishing and Malware Distribution domains
    3. Microsoft Exchange 0 Day IP addresses

    5. ‘Sources’ upgrades

    Feed filters

    Feed tables can now be filtered into four categories:

    1. Global Feeds - Silent Push global feeds
    2. Organization Feeds - All shared feeds within an organization
    3. My Feeds - Private feeds created by individual users
    4. All Feeds - All feeds from the above sections

    Feed tags

    To make it easier to filter observables by tag, Silent Push now displays the list of tags unique to each source directly in the sources table. Users no longer need to revisit a source in the threat ranking to view the tags associated with it.

    6. ‘Enrichment’ upgrades

    Sorting tags per feed

    Silent Push now sorts all tags by feed, making it easier to see which source applies to each observable and which tags are linked to each source.

    Live data reminder

    Enrichment data is a live, continually refreshed dataset. To remind users of this, we’ve added an indicator to the enrichment page showing that they are working with refreshed data.

    7. Splunk improvements

    Splunk Cloud Compatibility

    The Silent Push app has been certified for Splunk Cloud. That means you can now install our app on all Splunk editions, including the cloud version.

    Splunk Developer Program

    Silent Push is now part of the Splunk Developer Program. Read more about the Silent Push Splunk integration here.
