Summary

November's update is focused around the Sources > Feeds Report section.

Data is a valuable commodity, and should be treated as such. Quite often, organizations purchase threat feeds without the means to analyze how useful and cost-effective they actually are.

Feeds can sometimes be an aggregation of data contained in other feeds, rather than a goldmine of unique intel.

Our update allows you to quickly ascertain which feeds are providing you with the most value for money, by highlighting duplicate data that's contained in other feeds, at the click-of a button.

We've also given you the option to directly compare feeds within the same report, as well as some UI improvements, and enhanced data visualization options across a range of global queries.

Details

1. Sources > Feeds Report has replaced Sources > Feed Performance

1.1 - Overlap scoring updated

A feed’s Overlap score is now calculated as the percentage of a feed’s observables that are also contained within other visible feeds.

'Visible feeds' are any feeds provided by Silent Push ('Global' feeds), and/or any feeds that you've created for your organization.

A high Overlap score indicates that you’re looking at data which is common across all other visible feeds.

1.2 - Originator scoring updated

A feed’s Originator score is now given as the percentage of observables that were unique to that feed - compared to other visible feeds - when the items were first added to the feed.

A high Originator score indicates that you’re receiving threat intelligence that's of a proportionally higher value, given that it’s not already well-known.

1.3 - Option added to compare feed scores

You’re now able to compare the Originator and Overlap scores of specific feeds by selecting two or more feeds using the checkboxes, and clicking the Compare button to get a side-by-side analysis.

2. Buttons added to the Enrichment and Threat Ranking Details pages

We’ve improved the interface on our Enrichment and Threat Ranking Details pages by adding buttons that allow you to easily pivot through data, including the IP diversity, IP density, Nameservers and Host options.

3. Improved visualization for various queries

You’re now able to view certain global and private query results in a tabulated view, along with the standard raw data option.

Once you’ve collected data from a query, clicking Explore Table View moves the data to an Explore view, allowing you to save and monitor results.

As of release, only queries with an eye icon next to them have Explore Table View enabled.