
Introducing Threat Intelligence Security Center

Import · Jun 13, 2024 · video

Hello. Today I'm going to show you the Threat Intelligence Security Center application, otherwise known as TISC, part of the portfolio of Security Operations solutions here on the ServiceNow platform.

I am logged in as Adam, a member of the cyber threat intelligence team, or CTI team in short, and he has received some intelligence that he is required to action. He needs to conduct threat intel case management and possibly some campaign tracking. Adam needs to investigate this malicious IP address received by the CTI team. When Adam goes into the Internal Intelligence tab, he can see that TISC has native connectivity to the other applications on the ServiceNow platform, such as security incidents, as well as vulnerability entries from Vulnerability Response and any other data in Adam's instance, such as configuration items and affected services. As a result, Adam doesn't need to swivel-chair between multiple disparate tools to see any related incidents, assets and vulnerabilities.

Adam goes to the Related Records tab and sees that this malicious IP address is related to a known threat actor, and he is concerned about it. Let's take a closer look at this threat actor. The related records here are also shown in a relationship graph. Adam sees that this malicious IP address and this threat actor are all related to a campaign that is already in the threat intel library.

Before Adam opens a new threat intel case, he's going to check to see if there are any existing cases open already. In this case we can see one right here. Adam can click on it and go directly to that case, but instead he's going to open his Threat Analyst Workbench. Directly within the Threat Analyst Workbench, Adam can view the cases and case tasks that are assigned to him and the rest of his team. In this case Adam wants to look at the case we looked at earlier. If he believes this case needs to have restricted access, he can easily enforce that here. He can also browse the case tasks, any artifacts related to this case, and related MITRE ATT&CK techniques. Adam can also view or create any case reports. Within TISC we can create various report templates so that the CTI team doesn't have to spend a lot of time on report writing.

While he is here, Adam's going to take a look at another threat intel case that he's been working on, in this case the 102 one, and as you can see the same information is available in 2002 as it was in 2003, such as case tasks, artifacts, MITRE ATT&CK and any case reports as well. For this particular threat intel case Adam needs to start a new report. He has various templates here he can choose from. Within these templates we can pre-populate much of the information and data to save time and effort.

But now let's take a step back and see how the functionality underneath this makes it all happen. As an administrator, within the Administration function we can configure our import approval rules and our inbound filtering rules for when we ingest and consume threat intelligence. Most threat intel vendors control the threat scores and do not provide any flexibility. Instead of a black-box function, ServiceNow gives you that control and provides you the ability to configure your own threat score calculator, allowing you to tailor it to your environment. On top of that, ServiceNow allows you to recalculate historical threat scores based on new data and new findings. Here we also have our security control lists, such as an allow list, deny list and watch list. We can also create our own taxonomies. The reputation calculator allows you to calculate findings based on threat lookup vendors and can give you a rollup of threat lookup results. Since ServiceNow provides email notifications as part of the platform, we've leveraged that capability here as well. Lastly, you also see all the report templates, where we can create and store templates for those case reports we saw earlier on the Threat Analyst Workbench.

Earlier in the demo we saw Adam doing threat intel case management, but how did he receive that intel in the first place? Before TISC, Adam's challenge was too many disparate threat feeds and intel sources. The Threat Intelligence Security Center application provides pre-built integrations with several intel sources, as well as enrichment integrations, regardless of whether the feeds are integrations with commercial vendors, open source, government, law enforcement or others. Also, in this case Adam can configure a new source here based on a variety of formats. Threat feeds are not the only way to ingest threat intel. Sometimes Adam attends ISAC meetings and receives intel shared by peer organizations that just recently experienced an attack that is relevant to his organization, or files with threat intel are provided to Adam by government agencies or law enforcement agencies. Adam can use TISC to import that threat intelligence from various sources and formats. So here we can see that he can import it from a structured file, or he can import it via a standard format. You can also import it via raw text, either pasted or free form, and then he can also import via a file that's unstructured.

The Threat Intelligence Security Center provides technology solutions for data aggregation, enrichment, management and operational details of threat intelligence by enabling more effective decision-making and enterprise security case management. With Threat Intelligence Security Center you can improve your organization's security and risk posture.
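The configurable threat score calculator, the vendor reputation rollup and the allow/deny/watch control lists from the administration walkthrough, together with the raw-text import mentioned at the end, as an added Python example that is not ServiceNow or TISC code: the vendor names, weights, list contents and the sample notes are assumptions constructed for illustration.

```python
"""Added example (not ServiceNow or TISC code): a configurable threat score
calculator with a per-vendor reputation roll-up, allow/deny/watch list
overrides, recalculation of a stored score when new lookup data arrives,
and extraction of IPv4 indicators from pasted raw text.
Vendor names, weights and indicators are constructed for illustration."""
from __future__ import annotations
import re
from dataclasses import dataclass, field

IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")


def extract_ipv4(raw_text: str) -> list:
    """Pull IPv4 indicators out of free-form text (notes pasted from a peer
    briefing, for example), validated, de-duplicated, in order of first sight."""
    found = []
    for ip in IPV4.findall(raw_text):
        if all(int(octet) <= 255 for octet in ip.split(".")) and ip not in found:
            found.append(ip)
    return found


@dataclass
class ScoreConfig:
    """Tunable scoring policy, standing in for the admin-configured calculator."""
    vendor_weights: dict                            # hypothetical vendor -> weight
    allow_list: set = field(default_factory=set)    # known-good: force 0
    deny_list: set = field(default_factory=set)     # known-bad: force 100
    watch_list: set = field(default_factory=set)    # under observation: add bonus
    watch_bonus: int = 10


def rollup_reputation(lookups: dict, cfg: ScoreConfig) -> float:
    """Weighted mean of per-vendor verdicts (0-100); vendors absent from the
    weight table are ignored so an unconfigured source cannot move the score."""
    weighted = total = 0.0
    for vendor, verdict in lookups.items():
        weight = cfg.vendor_weights.get(vendor)
        if weight is None:
            continue
        weighted += weight * verdict
        total += weight
    return weighted / total if total else 0.0


def threat_score(ioc: str, lookups: dict, cfg: ScoreConfig) -> int:
    """Allow and deny lists override the roll-up; the watch list only biases it."""
    if ioc in cfg.allow_list:
        return 0
    if ioc in cfg.deny_list:
        return 100
    score = rollup_reputation(lookups, cfg)
    if ioc in cfg.watch_list:
        score += cfg.watch_bonus
    return int(round(min(100.0, score)))


@dataclass
class IndicatorRecord:
    """A stored indicator with its lookup results and score history."""
    value: str
    lookups: dict = field(default_factory=dict)
    history: list = field(default_factory=list)    # (reason, score) pairs


def recalculate(rec: IndicatorRecord, cfg: ScoreConfig,
                new_lookups: dict | None = None, reason: str = "recalc") -> int:
    """Merge any new vendor findings, rescore, and keep prior scores so the
    historical change stays auditable."""
    if new_lookups:
        rec.lookups.update(new_lookups)
    score = threat_score(rec.value, rec.lookups, cfg)
    rec.history.append((reason, score))
    return score


# Constructed sample: raw notes plus two hypothetical lookup vendors.
RAW_NOTES = ("Peer org saw C2 callbacks to 203.0.113.45 and 198.51.100.7; "
             "203.0.113.45 was seen again later. Our own scanner is 10.0.0.5. "
             "Bogus token 999.1.1.1 should be ignored.")
CONFIG = ScoreConfig(vendor_weights={"vendor_a": 2, "vendor_b": 1},
                     allow_list={"10.0.0.5"}, watch_list={"198.51.100.7"})


def demo() -> dict:
    """Ingest the notes, score each indicator, then rescore one after a new finding."""
    iocs = extract_ipv4(RAW_NOTES)
    c2 = IndicatorRecord("203.0.113.45", {"vendor_a": 80, "vendor_b": 50})
    first = recalculate(c2, CONFIG, reason="initial")
    updated = recalculate(c2, CONFIG, {"vendor_b": 95}, reason="vendor_b update")
    return {
        "iocs": iocs,
        "c2_first": first,
        "c2_updated": updated,
        "c2_history": list(c2.history),
        "watched": threat_score("198.51.100.7", {"vendor_a": 30}, CONFIG),
        "allowed": threat_score("10.0.0.5", {"vendor_a": 99}, CONFIG),
    }


if __name__ == "__main__":
    for key, val in demo().items():
        print(f"{key}: {val}")
```

The weights and the watch-list bonus are the knobs an administrator would tune per environment; because every score change is appended to the record's history, recalculating older indicators after a vendor update or a weight change leaves a trail an analyst can review rather than silently overwriting the previous verdict.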

Original source: https://www.youtube.com/watch?v=5IC_d2xG0vk