Cognitive Intelligence changing its name to global threat alerts
As part of Cisco’s continuous efforts to bring more clarity into our security portfolio, Cognitive Intelligence will be changing its name to global threat alerts. You will start seeing the new name in the web interface, documentation, and other places soon.
Starting February 2nd, the new web interface with alert fusion will be the default view
The alert fusion interface, introduced last summer as a beta version accessible using the early access switch, will now be the default view of the web interface.
Figure 1: Alert fusion interface will be the default view starting February 2nd
Due to the changes in the way that alerts are fused together, the global threat alerts (formerly Cognitive Intelligence) widget in Secure Network Analytics (formerly Stealthwatch Enterprise) is also changing its look.
Figure 2: New look of global threat alerts inside Secure Network Analytics dashboard
New features added to the alert fusion interface
Time filter
Now you can filter by time in a fast and convenient way. You can choose from the list of the most-used options (last day, last 7 days, last 30 days, and last 45 days) or specify starting and ending dates.
Figure 3: Filter by time with one click using any of the most-used options
Open search box
In order to ease your threat investigations, now you can use the open search box to quickly filter and find alerts for a specific username, client IP address, asset group, or type of threat.
Figure 4: Filter your alerts by username, client IP address, asset group, or threat name
New descriptions added for command-injection classifier
This anomaly will trigger if a specific pattern is found in the user agent of the http request. The presence of these patterns gives us certainty that the webpage was accessed with the intention of exploiting a vulnerability. This can signal recognition steps in order to initiate an attack against that web page.
This anomaly can be seen in Alert -> Alert detail -> Anomalies
Figure 5: New anomaly for command-injection exploitation attempt
Leveraging global threat alerts (Cognitive Intelligence)
Global threat alerts (Formerly Cognitive Intelligence) capabilities are available to Secure Endpoint (Formerly Advanced Malware Protection or AMP for endpoints) customers with a compatible web proxy such as the Secure Web Appliance (Formerly Web Security Appliance), and all Secure Network Analytics (Formerly Stealthwatch Enterprise) customers. Reach out to your account executive to learn how to turbocharge your existing cybersecurity investment with global threat alerts.
