Details

1. TLP Amber Reports (Enterprise)

We've introduced an internal blog/reporting feature that provies threat-specific TLP Amber reports to Enterprise customers.

The reports provide more platform-specific context than our public blogs are able to offer, and allow us to pass on intelligence and threat hunting techniques deemed too sensitive for the public sphere, where threat actors may have access to it.

TLP Amber reports will contain query links, regex strings, feed data and sections on the specific actions that security teams need to take in the platform, to counteract emerging TTPs.

2. Bulk Data Feeds (Enterprise)

13 new feeds have been created that track various additions and changes to domains and IP addresses on the the global IPv4 and IPv6 space:

1. New Global Domains - A list of new domains, collected from daily ICANN zone file updates (exportable as a text file).
2. New ccTLD Domains (ICANN) - A list of new country code top level domains (ccTLDS), first seen within the last 24 hours (exportable as a text file).
3. New Nameservers - A list of new nameservers, first seen within the last 24 hours. (exportable as a text file).
4. New Self-Named Nameservers - A list of new self-named nameservers, first seen within the last 24 hours (exportable as a text file).
5. Domains With NS Changes - A list of Domains that have changed nameservers within the last 24 hours (exportable as a JSON).
6. Domains With Self-Named NS Changes - Domains that have changed to a self-named nameserver within the last 24 hours (exportable as a JSON).
7. New Mail Servers - New mail servers, seen for the first seen within the last 24 hours (exportable as a text file).
8. Open Redirect Vulnerabilities - Domains that are vulnerable to open re-directs (exportable as a text file).
9. IPFS Nodes (IPv4) - IPv4 addresses that have acted as IPFS nodes within the last 7 days (exportable as a text file).
10. IPFS Nodes (IPv6) - IPv6 addresses that have acted as IPFS nodes within the last 7 days (exportable as a text file).
11. Merlin C2 IPs - IP addresses suspected of acting as Merlin C2 servers (exportable as a text file).
12. Poor AS Reputation (IPv4) - IPv4 addresses taken from autonomous systems (AS) with the worst Silent Push Takedown Scores (exportable as a text file).
13. Poor Subnet Reputation (IPv4) - IPv4 addresses taken from subnets with the worst Silent Push Takedown Scores (exportable as a text file).

3. Query results displayed on the same page

Query results and query parameters have been combined into a single page as collapsible elements, for the following queries:

• Dangling DNS Detection
• Hosting Infrastructure - ASN

This allows users to review query results, and if satisfied, expand the query section to save the recipe.

4. Community Onboarding in-product tour

Community users now benefit from a guided onboarding checklist at first login, that guides new users through the interface, shows users how to execute basic queries and highlights the platform's pivoting and data enrichment functionality.