ServiceNow Xanadu - SecOps Security Incident Response: Threat Intelligence Security Center
ServiceNow Community
·
Sep 10, 2024
·
video
Hello, my name is Morgan Pones, and I'm a Solution Consultant with ServiceNow specializing in Security Operations. Today I'm going to walk you through one of the new features available in the Xanadu Now Platform release: Threat Intelligence Security Center in the Security Incident Response module.

This presentation may contain forward-looking statements that reflect the current beliefs of ServiceNow and are based on current information available. These forward-looking statements should not be relied upon in making purchasing decisions.

Threats move fast, and you need to move even faster. With Threat Intelligence Security Center, we can better manage our threats within our security environment. Within Threat Intelligence Security Center we will be able to import vital threat intel data; analyze and respond to threats; improve security posture; and analyze, report on, and mature our threat landscape.

Within the Xanadu release there are many highlights for the Threat Intelligence Security Center solution: organize and manage the creation of observables through the implementation of the TISC API 2.0; define expiration policies at a more granular level; add observables to case records directly from the Security Incident Response workspace; manage the analyst actions through automation flows; conduct research on threats to support the reactive and proactive needs of security teams; and create and track threat investigations using case management.

How is Threat Intelligence Security Center different from the current Threat Intelligence module in Security Incident Response? While Security Incident Response Threat Intelligence provides, at a basic level, capabilities such as data collection, indicator enrichment, incident response coordination, and a threat analysis framework (MITRE), TISC provides these capabilities at an advanced level, along with quite a few new capabilities, such as: data processing that normalizes, deduplicates, and aggregates the data collected; data correlation; custom threat scoring; integration with security tools; dashboards and reports specific to the CTI team; and features to perform threat hunting.

Now we will transition into a short demonstration of Threat Intelligence Security Center in the ServiceNow platform. I am logged in as Adam, a member of the Cyber Threat Intelligence team, or CTI team. He has received some intelligence that he is required to action, and he needs to conduct threat intel case management and possibly some campaign tracking. Adam needs to investigate this malicious IP address received by the CTI team, so he will go to the Threat Intel Library. When Adam goes to the Internal Intelligence tab, he can see that TISC has native connectivity to the other applications on the ServiceNow platform, such as Security Incident Response and Vulnerability Response, and to the other data in Adam's instance, such as configuration item data. As a result, Adam does not have to swivel-chair between multiple disparate tools to see any related incidents, assets, and vulnerabilities.

Adam goes to the Related Records tab and sees that this malicious IP address is related to a known threat actor that he is concerned about. Let's take a look at this threat actor. The related records for the threat actor can be visualized in the relationship graph. Adam sees that this malicious IP address and this threat actor are all related to a campaign that is in the Threat Intel Library. He can click on the campaign for more details.

Before Adam opens a new threat intel case, he's going to check to see if there are any existing cases open already. He goes to the Related Records tab, and underneath the Related Cases list he can see that a case does already exist. Adam can click on it and go directly to that case, but instead he's going to open his Threat Analyst Workbench. Within the Threat Analyst Workbench, Adam can view the cases and case tasks that are assigned to him and his team. Adam wants to look at the case we located earlier. If Adam believes the case needs to have restricted access, he can do that here. He can browse the case tasks, the artifacts related to this case, and the related MITRE ATT&CK techniques. Adam can also view or create any case reports. Within Threat Intelligence Security Center we can create various report templates so that the CTI team doesn't have to spend a lot of time on report writing.

While Adam is still here in the workbench, he's going to take a look at another case that he's been working on. Again, he can view any related details about this case, such as artifacts, MITRE ATT&CK techniques, and case reports. For this particular threat intel case, Adam needs to start a new report. He has various templates to choose from; within these templates we can pre-populate much of the information and data so as to save time and effort.

Let's take a step back and see how the functionality underneath makes this all happen. Underneath the Admin tab, within the Administration function, we can configure our import approval rules and inbound filtering rules for when we ingest and consume threat intelligence. Most threat intel vendors control the threat scores and do not provide any flexibility. Instead of a black-box function, ServiceNow gives you that control and provides the ability for you to configure your own threat score calculator, allowing you to tailor it to your environment. ServiceNow also provides the option to recalculate historical scores based on new data and findings.

Coming back to the Administration homepage, here we also have our allow list, deny list, and watch lists, and we can create our own taxonomies. The reputation calculator allows you to calculate findings based on threat lookup vendors and can give you a rollup of threat lookup results. Since ServiceNow provides email notifications as part of the platform, we've leveraged that capability here as well. And the Report Template area is where we can create and store the templates for those case reports we saw earlier in the Threat Analyst Workbench.

This concludes our Threat Intelligence Security Center demonstration. This new feature is available today with the Now Platform Xanadu release. Thank you so much for your time today and for learning more about Security Operations and the new Now Platform Xanadu features. For more information, please visit www.servicenow.com. Thank you.
https://www.youtube.com/watch?v=tf9PSJ5EjVo