CAL 3.7 Release Notes

New Features

CAL ATL Industry Classification

It can be overwhelming and difficult to sift through cybersecurity intelligence reports and blogs that offer valuable information to organization defenders. Not all information is relevant to your organization’s industry-specific security needs and structures.

CAL™ Automated Threat Library (ATL) industry classification uses natural language processing (NLP) to classify ATL Reports by industry, creating machine-readable components that can be leveraged throughout ThreatConnect® via industry Tags that you can pivot on, including in Threat Graph, and as industry-based keyword suggestions for IRs. You can use these Tags and keyword suggestions to streamline your CTI analysis in a number of ways, including the following:

• Use industry characteristics to prioritize the most essential CAL ATL Reports for review.
• Save time by removing irrelevant content from queries and IRs.
• Provide focused information that lets you stay on top of emerging industry topics and threats.
• Identify and leverage industry topics to make recommendations for funding and for your organization’s cybersecurity controls, training, and awareness programs.

CAL ATL uses NLP to review ATL Report contents and identify relevant industries via Tags

ATL Blog Additions

Manually collecting and analyzing threat intelligence, especially unstructured data, from various sources is time consuming and error prone. CAL ATL automates, aggregates, and analyzes intelligence from more than 70 authoritative publishers generating open-source intelligence. AI and NLP automatically extract critical information into pivot points that can help you prioritize, filter, and highlight the most relevant information for your role and organization, such as Indicators; MITRE ATT&CK® tactics, techniques, and threat actor aliases; and Vulnerabilities from the National Vulnerability Database (NVD).

The following new sources are now included in CAL ATL:

• CERT-UA news (Ukrainian Language)
• CIS - Center for Internet Security (Advisories)
• CIS - Center for Internet Security (Alerts)
• Government of Canada Alerts and Advisories
• JPCERT Coordination Center Official Blog
• JPCERT (Japanese Language)
• Kyberturvallisuuskeskus - Alerts (Finnish Language)
• Kyberturvallisuuskeskus - Information Security Now! (Finnish Language)
• Kyberturvallisuuskeskus - Vulnerabilities (Finnish Language)
• NCSC Reports, Guidance and Blog-post
• RedPacket Security Posh C2
• RedPacket Security Pikabot C2
• The DFIR Report

Improvements

• Improvements were made to special-character handling in global IR results.
• Suggested MITRE ATT&CK keywords in IRs are now capitalized to align with the format of these terms in ATT&CK Tags.

ThreatConnect® is a registered trademark, and CAL™ is a trademark, of ThreatConnect, Inc. 
MITRE ATT&CK® and ATT&CK® are registered trademarks of The MITRE Corporation.