This audio was created by Woord's Text to Speech service by content creators from all around the world.
Welcome to the EclecticIQ Analyst Workflow training. In this training you will learn the fundamentals of working with the EclecticIQ Intelligence Center. We developed this training in close cooperation with our internal cyber threat analysts, who use the Intelligence Center in their day-to-day operations. The training consists of 14 modules, designed around specific problem sets and common CTI workflows. Throughout the training you will be using a pre-configured demo instance that simulates a production environment. The instance runs the latest release of the Intelligence Center, giving you access to the latest functionality.

We will begin the training with a general UI overview of the Intelligence Center. After that you will learn the basics of searching for information in the platform, and how to organize your knowledge using workspaces and datasets. We will then provide a brief introduction to the STIX 2.1 standard and walk you through entity creation. Then you will learn all about the graph feature, and how to analyze the information and data points stored inside the Intelligence Center. After that we will look at ways to automate workflows in the platform using entity rules, observable rules, and the discovery feature. In the next module you will learn how to work with unstructured reports, such as blog posts, PDF files or emails, and how to enrich data points in the Intelligence Center. Towards the end of the training, you will learn how to disseminate information to your intelligence stakeholders or to your security controls in an automated way. We will conclude the training with the policy function, which allows organizations to delete information at set intervals.

Each module provides straightforward, hands-on exercises that apply the CTI tools of the trade, and we believe that you will be able to apply what you learn immediately after the training.
In your training documents you will find a link to your personal platform instance. Please copy and paste the URL into your browser. We recommend using the Chrome browser for the training. To log in to the platform, please use the following credentials: in the username field, type “IntelligenceCenterUser”. The password is "EclecticIQ101 exclamation mark". If the login succeeds, you will see the Intelligence Center Dashboard. If you encounter any problems accessing the instance or logging in, please reach out to your customer success manager.

Let's start with a quick introduction to the layout and the various modules of the Intelligence Center. After you have logged in you will be presented with the dashboard. The dashboard contains different widgets, showing the number of entities or observables per feed, open tasks, and other information. On the left side you will find several icons organized in the quick access navigation pane. Let’s go through each of the icons quickly.

Please click on the data configuration icon on the left. Throughout the training, we will configure certain elements in the platform, like feeds, taxonomy nodes, rules, or policies. You can see each of these in the top row.

The next item on the list is “Discovery”. Discovery helps analysts identify, and be alerted about, new or existing data in the platform that is relevant to the organization or links to a current investigation. As you will see during the training, you can create discovery rules to fine-tune these alerts.

Exposure uses STIX sightings to provide insight into how your organization leverages existing intelligence, how efficiently intel is integrated into your environment, and whether you are affected or potentially compromised.
With Exposure, an organization can identify which information in the Intelligence Center has been disseminated to its security controls, like a SIEM, proxy or firewall, or to communities, and which information in the platform has not been actioned, possibly leaving your organization exposed to a threat.

The next icon lists all the workspaces configured in the platform. The Intelligence Center allows you to organize your information inside workspaces. Think of workspaces as buckets for organizing threat data in alignment with your intelligence requirements. Throughout the training we will create several different workspaces. You can easily open the workspaces from this list.

The next icon opens the Graph. All data in the platform, be it STIX Domain Objects, observables, or relationships, can be plotted on the graph. To access the graph, single-click the graph icon in the left-hand menu. This shows a preview of the graph, which is currently empty. If you click on the preview window, the graph opens in full-screen mode. In this training you will learn how to add data to the graph, and how to filter, export or manipulate information on the graph. You will also see how analysts can use the graph to conduct link analysis or view data on a time scale. Please click on the minimize button in the top right to minimize the graph.

You can search for information in the Intelligence Center by clicking on the magnifying glass icon on the left. Here you can run string searches, or search for very specific objects using the Elasticsearch query language.

The plus sign on the left enables you to quickly create objects inside the Intelligence Center. You can create objects in the platform to organize your workflows, such as workspaces, datasets, tasks or rules. From here, an analyst can also start creating structured threat information.
As you can see from the list, the platform supports the creation of STIX 2.1 objects and, for backward compatibility, STIX 1.2 objects.

In the bottom left you will see five additional icons. The first one is the notification icon. The platform informs users about different actions or updates happening in the platform. Below the notification icon is the task item, showing all tasks that are assigned to a user. You can also create new tasks from here. If you click on the question mark icon, the platform provides several EclecticIQ resources, including the release notes and links to the documentation, the ideas portal, and the service desk. Under the settings icon, administrators can configure several platform settings such as users, groups and roles, account policies and more. Organizations can also enable “early access features” before they are officially released. Please note that the platform configuration is not part of the Analyst Workflow Training. The last icon on the left opens the user profile page. Here, users can edit their profile, switch between light and dark mode, create API tokens, and enable two-factor authentication for their account.

This concludes the brief introduction to the Intelligence Center layout. We will provide more details on each of these during the training modules. You will also learn how the components interact with each other and how they help analysts in their day-to-day operations.
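The Exposure feature described above is built on STIX sightings, and the platform creates STIX 2.1 objects; the following is an added example (not EclecticIQ code, and not a description of how the Intelligence Center implements Exposure) that shows what those objects look like on the wire. It builds a STIX 2.1 Identity, two Indicators and one Sighting as plain dictionaries following the public STIX 2.1 specification, checks that every reference in the bundle resolves, and splits indicators into sighted and unsighted, the same distinction between actioned and not-actioned intelligence that Exposure surfaces. All names, timestamps and patterns are constructed sample values.

```python
import json
import uuid

# Constructed timestamp reused for every sample object so the example is deterministic.
CREATED = "2024-01-15T10:00:00.000Z"


def stix_id(obj_type):
    """STIX 2.1 identifiers are '<type>--<UUIDv4>'."""
    return f"{obj_type}--{uuid.uuid4()}"


def make_identity(name):
    """Identity SDO for the organisation that observed the sighting."""
    return {
        "type": "identity", "spec_version": "2.1", "id": stix_id("identity"),
        "created": CREATED, "modified": CREATED,
        "name": name, "identity_class": "organization",
    }


def make_indicator(name, pattern):
    """Indicator SDO carrying a STIX pattern (pattern_type 'stix')."""
    return {
        "type": "indicator", "spec_version": "2.1", "id": stix_id("indicator"),
        "created": CREATED, "modified": CREATED,
        "name": name, "pattern": pattern, "pattern_type": "stix",
        "valid_from": CREATED,
    }


def make_sighting(indicator, where_sighted, count=1):
    """Sighting SRO: 'sighting_of_ref' is the object that was seen,
    'where_sighted_refs' lists the Identity objects that saw it."""
    return {
        "type": "sighting", "spec_version": "2.1", "id": stix_id("sighting"),
        "created": CREATED, "modified": CREATED,
        "sighting_of_ref": indicator["id"],
        "where_sighted_refs": [where_sighted["id"]],
        "count": count, "first_seen": CREATED, "last_seen": CREATED,
    }


def bundle(*objects):
    """STIX 2.1 Bundle: no spec_version at bundle level, only on the objects."""
    return {"type": "bundle", "id": stix_id("bundle"), "objects": list(objects)}


def validate_refs(b):
    """Return a list of dangling references: every sighting must point at
    objects that are actually present in the bundle."""
    ids = {o["id"] for o in b["objects"]}
    problems = []
    for o in b["objects"]:
        if o["type"] != "sighting":
            continue
        if o["sighting_of_ref"] not in ids:
            problems.append(f"{o['id']}: sighting_of_ref {o['sighting_of_ref']} not in bundle")
        for ref in o["where_sighted_refs"]:
            if ref not in ids:
                problems.append(f"{o['id']}: where_sighted_refs entry {ref} not in bundle")
    return problems


def exposure_report(b):
    """Split indicator names into those with at least one sighting (actioned)
    and those with none (not actioned), sorted for stable output."""
    sighted = {o["sighting_of_ref"] for o in b["objects"] if o["type"] == "sighting"}
    indicators = [o for o in b["objects"] if o["type"] == "indicator"]
    return {
        "sighted": sorted(i["name"] for i in indicators if i["id"] in sighted),
        "unsighted": sorted(i["name"] for i in indicators if i["id"] not in sighted),
    }


def build_sample_bundle():
    """Constructed sample: one organisation, two indicators, one sighting."""
    org = make_identity("Example Org SOC")
    ind_domain = make_indicator("Constructed C2 domain",
                                "[domain-name:value = 'c2.example.invalid']")
    ind_ip = make_indicator("Constructed documentation-range IP",
                            "[ipv4-addr:value = '203.0.113.7']")
    seen = make_sighting(ind_domain, org, count=3)
    return bundle(org, ind_domain, ind_ip, seen)


if __name__ == "__main__":
    sample = build_sample_bundle()
    print(json.dumps(sample, indent=2))
    print("dangling references:", validate_refs(sample))
    print("exposure:", exposure_report(sample))
```

Running the module prints the bundle as JSON, an empty dangling-reference list, and a report in which the domain indicator is sighted and the IP indicator is not. The reference check is worth keeping whenever sightings are produced outside the platform: a Sighting whose `sighting_of_ref` does not resolve cannot be linked to the intelligence it was meant to confirm.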