
Cognitive Release Note, September 2020: New features added to Cognitive Intelligence beta GUI and new anomaly description

Cisco Employee

User Experience Enhancements

As part of the Cisco Common User Experience program, we are working towards a more uniform user experience and terminology alignment. This program runs across all Cisco security products.

 

 

New features added to Cognitive Intelligence beta GUI

As part of our continuous efforts to improve productivity and drive efficacy, additional features have been added for customers with Early Access to the new GUI enabled:


Risk filter

It is now possible to filter alerts by risk by selecting one or more risk levels. This filtering, in combination with the status of the alert (New, Investigating, Remediating, Remediated, False Positive and Ignored), allows you to focus on the alerts that are important to you.


Asset group business value tool-tip

When checking the details of a specific alert, it will be possible to quickly consult the value of a specific asset group, just by hovering over it.


Affected asset count

In order to quickly assess the scope of a threat, we will be able to see at a glance the number of assets that are affected by a specific threat type, as well as the number of alerts related to it.

It will also be possible to see how many assets belong to a specific asset group, which can give us some hints about the priority that we should assign to it:


New anomaly description for sinkhole classifier

Cognitive is capable of detecting when a known DNS server is giving out a false result for a domain name, which means the connection has been sinkholed. It explains this in a new anomaly description, so security analysts can understand the proper context of an alert.

The description appears under Alert -> Alert detail -> Anomalies.


New Confirmed Threats

List of new Confirmed Threat types in September:

| Name | Category | Risk | Description |
|------|----------|------|-------------|
| BLINDINGCAN | Remote Access Trojan (RAT) | Critical | BLINDINGCAN is a remote access trojan (RAT) which gives the attacker complete remote control and administration of the infected device. This RAT is associated with malicious cyber activity by the North Korean government, referred to as HIDDEN COBRA. RATs are used in targeted attacks, espionage, financial theft, and stealing of sensitive corporate information. They are commonly used by malicious actors to bypass second-factor authentication methods. |

Leveraging Cognitive Intelligence

Cognitive Intelligence capabilities are available to AMP customers with a compatible web proxy such as the Cisco Web Security Appliance, and all Stealthwatch Enterprise customers. Reach out to your account executive to learn how to turbocharge your existing cybersecurity investment with Cognitive.
