CounterCraft’s Version 3.4 release of The Platform™ introduces several key new features that improve the threat intelligence delivered by our deception technology. In this post, we outline some of the enhancements and new functionality in this release. Users get improvements that simplify DSN installation, along with a brand new feature that will be of particular interest to SOC analysts: the Incident Report tool. Version 3.4 is a solid step forward that extends the detection and threat intelligence features the product already offers.

Threat Intelligence Incident Reports

One of our favorite new features of Version 3.4 is the threat intelligence incident report, designed specifically to make SOC analysts’ lives easier. With the built-in incident reporting tool, analysts can quickly generate incident reports and forward them to their supervisors and company leadership.

The Incident Report tool produces comprehensive data about incident activity within a deception campaign. In just a few clicks, SOC analysts can create a detailed, customized report, saving them valuable time. A report can also be saved as a template for future incidents.

Other improvements included in v3.4

That’s not all! The newest version of The Platform™ includes further improvements designed to keep users one step ahead of the evolving threat actor landscape. Read on to find out about the other new features included in Version 3.4.

Increasing Agility of MITRE Caldera

We have enhanced the MITRE Caldera functionality to make it more agile to use. When the Deception Director is installed, a set of Caldera plugins is downloaded from CounterCraft, and a nightly task is created to fetch the latest published MITRE Caldera plugins. Users decide whether or not to download and use these new plugins.

New DSN Installation

In previous versions of The Platform™, users had to download the DSN bundle via the web. In v3.4.x this is simplified: the installation dropper is run by copying a single line, which saves time and speeds up what is already a fast installation process.

LogRhythm SIEM Integration

Through a plugin that integrates with LogRhythm, users can send logs to LogRhythm as syslog messages. For more information, see the LogRhythm website at https://logrhythm.com/

Support for ‘ptrace’ event types in the ‘process’ event category

The Platform™ now supports ptrace event types within the process event category. With ptrace, malware authors can redirect a debuggee to call malloc(), write a new program into the newly allocated memory (making sure the pages are marked readable and executable), redirect the existing code to that memory for execution, and then let the debuggee continue running. Surfacing these ptrace events lets analysts spot that pattern when it is attempted against a deception host.
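The following is an added example, not CounterCraft code, serving both the LogRhythm section above and this ptrace section: it scans process-category events for the attach-then-write shape of the injection just described, and formats each hit as an RFC 5424 syslog message of the kind a SIEM collector ingests. The JSON event schema, field names (`tracer_comm`, `target_pid`, etc.), the debugger allowlist and the sample events are all assumptions made for the example; they are not The Platform's own format.

```python
"""Added example, not CounterCraft code: flag ptrace-based injection patterns in
process-category events and format each alert as an RFC 5424 syslog message so a
SIEM such as LogRhythm can ingest it.  The JSON event schema and field names
below are assumptions made for the example, not The Platform's own format."""
import json
import socket
from typing import Optional

# ptrace request names follow <sys/ptrace.h>.  Attaching to a process is the first
# step of the injection described in the post; writing memory or registers is the
# step that actually plants foreign code.
ATTACH_REQUESTS = {"PTRACE_ATTACH", "PTRACE_SEIZE"}
WRITE_REQUESTS = {"PTRACE_POKETEXT", "PTRACE_POKEDATA", "PTRACE_SETREGS", "PTRACE_SETREGSET"}

# Tools that legitimately trace other processes (assumed allowlist; tune per host).
KNOWN_DEBUGGERS = {"gdb", "lldb", "strace", "ltrace"}

# Syslog facility local0 (16); severities per RFC 5424: alert=1, warning=4.
FACILITY_LOCAL0 = 16
SEVERITY = {"alert": 1, "warning": 4}


def classify(event: dict) -> Optional[str]:
    """Return 'alert', 'warning' or None for a single parsed event."""
    if event.get("category") != "process" or event.get("type") != "ptrace":
        return None
    if event.get("tracer_comm") in KNOWN_DEBUGGERS:
        return None
    request = event.get("request")
    if request in WRITE_REQUESTS:
        return "alert"        # foreign code or registers written into the tracee
    if request in ATTACH_REQUESTS:
        return "warning"      # unknown tracer took control of another process
    return None               # PTRACE_TRACEME, PEEK*, CONT etc. are not flagged here


def scan(jsonl: str) -> list:
    """Parse newline-delimited JSON events; return the flagged ones with a severity."""
    alerts = []
    for line in jsonl.splitlines():
        if not line.strip():
            continue
        event = json.loads(line)
        severity = classify(event)
        if severity:
            alerts.append({**event, "severity": severity})
    return alerts


def _sd_escape(value: str) -> str:
    """Escape the three characters RFC 5424 requires escaping in SD-PARAM values."""
    return value.replace("\\", "\\\\").replace('"', '\\"').replace("]", "\\]")


def format_syslog(alert: dict, hostname: str = "deception-host",
                  app: str = "deception-platform") -> bytes:
    """Build one RFC 5424 message: <PRI>1 TIMESTAMP HOST APP PROCID MSGID SD MSG."""
    pri = FACILITY_LOCAL0 * 8 + SEVERITY[alert["severity"]]
    # Structured data carries the event fields; 32473 is the RFC 5612 example
    # enterprise number, used because this example has no registered PEN.
    params = " ".join(f'{key}="{_sd_escape(str(value))}"'
                      for key, value in sorted(alert.items()) if key != "timestamp")
    sd = f"[ptrace@32473 {params}]"
    msg = (f"<{pri}>1 {alert['timestamp']} {hostname} {app} - PTRACE {sd} "
           f"{alert['tracer_comm']} issued {alert['request']} on pid {alert['target_pid']}")
    return msg.encode("utf-8")


def forward(messages: list, host: str, port: int = 514) -> int:
    """Send each message as one UDP datagram to a syslog collector; returns count sent."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        for msg in messages:
            sock.sendto(msg, (host, port))
    return len(messages)


# Constructed sample events: strace/gdb usage is benign; an unknown "updater"
# attaching to nginx and then poking its text segment is the injection shape.
SAMPLE_EVENTS = """
{"timestamp":"2024-05-01T10:00:00.000Z","category":"process","type":"ptrace","request":"PTRACE_TRACEME","tracer_pid":4100,"tracer_comm":"strace","target_pid":4101,"target_comm":"ls"}
{"timestamp":"2024-05-01T10:00:01.000Z","category":"process","type":"ptrace","request":"PTRACE_ATTACH","tracer_pid":5200,"tracer_comm":"gdb","target_pid":1234,"target_comm":"nginx"}
{"timestamp":"2024-05-01T10:00:02.000Z","category":"process","type":"ptrace","request":"PTRACE_ATTACH","tracer_pid":6300,"tracer_comm":"updater","target_pid":1234,"target_comm":"nginx"}
{"timestamp":"2024-05-01T10:00:03.000Z","category":"process","type":"ptrace","request":"PTRACE_POKETEXT","tracer_pid":6300,"tracer_comm":"updater","target_pid":1234,"target_comm":"nginx"}
{"timestamp":"2024-05-01T10:00:04.000Z","category":"process","type":"exec","tracer_pid":7000,"tracer_comm":"bash"}
"""

if __name__ == "__main__":
    for alert in scan(SAMPLE_EVENTS):
        print(format_syslog(alert).decode())
    # forward(messages, "collector.example", 514)  # point at your LogRhythm collector
```

The two benign lines (strace on its own child, gdb attaching) produce nothing; the unknown tracer yields a warning on attach and an alert once it writes into the target's text segment. Severity is encoded in the PRI value (132 for warning, 129 for alert under local0), so the collector can route on it without parsing the message body; in production you would replace the UDP sender with TLS syslog and the allowlist with per-host policy.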

Gorka Ariznabarreta is the Product Manager at CounterCraft, responsible for the company’s product design and development. Follow him on LinkedIn.