Soltra Edge 2.9 adds a new full-text search capability that replaces the object catalog from previous versions. Searches can include full-text keywords and key/value terms. The new search capability provides results at human-interactive speed and scales to millions of indicators stored in the database. Search results can be bookmarked in the browser and shared with other users using
| Received Date | year:2016 month:10 day:3 |
| XML Namespace (Alias) | ns:opensource |
Intelligence can now be tagged, helping users organize their threat intelligence. Tags appear on the Object Detail page, in search results, and may be used in searches (e.g., tag:tagname).
Users may customize tag colors for easy visual identification.
Soltra Edge 2.9 includes support for sending and receiving threat intelligence from the DHS Automated Indicator Sharing (AIS) program, as well as tools for incorporating intelligence sharing via AIS into your organization.
If you have access to AIS TAXII services, you can configure a Peer-to-Peer connection, just as with any other TAXII service. If data is received that includes DHS AIS handling details, those details will be displayed in the object detail page.
The clipboard can be used to assemble a collection of intelligence to share with AIS, and Soltra Edge’s AIS Submission tool will assist with marking the documents appropriately before sending them via TAXII.
The Upload tool has been enhanced to provide additional validation of STIX documents. The upload tool now validates:
Documents that contain DHS AIS markings
Documents that contain CISCP Indicator types Benign and Compromised
When Soltra Edge is used to send data, users can now indicate the destination TAXII collection name(s). For TAXII, a more detailed HTTP User-Agent string is sent with requests indicating the Soltra Edge version information. This provides additional reporting information for data providers or clearinghouses, and assists with troubleshooting interoperability issues.
Previously, Administrators were unable to create new system-level feeds. Now, any administrator can create or modify a system feed.
All previous versions of Soltra Edge have included a built-in system.Default feed. The system.Default feed is no longer present on new installs of Soltra Edge; existing deployments retain the system.Default feed on upgrade. Administrators are free to configure all feeds to meet their needs.
Two additional query filters were added to aid with data selection, as well as improve the quality of output data.
XML Namespace (URI) matching filter
Private IP Range (RFC 1918) Address exclusion
Users of installations with large data repositories may find it difficult to find their own data when creating relationships or referencing existing Observables. To improve this situation, the Search system can now limit results to intelligence that was created by the system’s configured namespace.
When working with Activity entries, users may want to send an email with a reference to specific intelligence. Links have been added that can begin composing emails with STIX ID detail included in the body automatically.
The Home View’s Top Contributors, as well as other charts, now link to search queries with appropriately related results.
To make Soltra Edge more globally accessible, Full Names have replaced first and last names throughout the application. When upgrading from previous versions, existing name data will be coalesced to the new format automatically.
Previous versions of Soltra Edge included a predefined, built-in Admin user account. Now, Administrators may have any username and there is no requirement to have an explicitly named Admin user.
TAXII Inbox Namespace Approval Lists
User Inbox submissions (TAXII) may now be restricted according to a pre-approved list of XML Namespaces. In mixed-use installations, such as intelligence hubs or clearinghouses, this helps prevent users from submitting unwanted or unauthorized reports and data.
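To illustrate the idea behind a namespace approval list, the following added example (not Soltra Edge's own code) resolves the prefix of every STIX 1.x `id` attribute in a submission to its XML namespace URI and rejects the submission if any URI is not on the approved list. The function names, the sample document and the `acme`/`other` namespaces are constructed for this illustration.

```python
import io
import xml.etree.ElementTree as ET

# Constructed sample: a minimal STIX 1.x-style package with two producers.
SAMPLE = b"""<stix:STIX_Package
    xmlns:stix="http://stix.mitre.org/stix-1"
    xmlns:acme="https://acme.example/stix"
    xmlns:other="https://unknown.example/stix"
    id="acme:Package-0001">
  <stix:Indicators>
    <stix:Indicator id="acme:indicator-0002"/>
    <stix:Indicator id="other:indicator-0003"/>
  </stix:Indicators>
</stix:STIX_Package>"""

def id_namespaces(xml_bytes):
    """Return [(object id, namespace URI or None)] for every id attribute.

    STIX 1.x ids are QNames ("prefix:local"), so the prefix is resolved
    against the xmlns declarations in scope at that element.
    Input is untrusted: in production, parse with a hardened XML library
    (for example defusedxml) rather than the stock parser used here.
    """
    scopes, pending, found = [{}], {}, []
    events = ("start-ns", "start", "end")
    for event, item in ET.iterparse(io.BytesIO(xml_bytes), events=events):
        if event == "start-ns":          # declaration for the next element
            prefix, uri = item
            pending[prefix] = uri
        elif event == "start":           # open a scope that inherits the parent's
            scopes.append({**scopes[-1], **pending})
            pending = {}
            obj_id = item.get("id")
            if obj_id is not None:
                prefix, sep, _ = obj_id.partition(":")
                found.append((obj_id, scopes[-1].get(prefix) if sep else None))
        else:                            # "end": leave the element's scope
            scopes.pop()
    return found

def check_submission(xml_bytes, approved):
    """Return (accepted, rejected ids). Unprefixed or undeclared ids are rejected."""
    rejected = [(i, ns) for i, ns in id_namespaces(xml_bytes) if ns not in approved]
    return (not rejected, rejected)

if __name__ == "__main__":
    print(check_submission(SAMPLE, {"https://acme.example/stix"}))
```

Matching on the resolved URI rather than the prefix matters because a submitter chooses the prefix freely; only the URI identifies the producer namespace.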
Soltra Edge 2.9 includes all-new Configuration views with an improved user interface. All configuration options are now effective immediately and no software restart is required.
For Soltra Edge servers that use HTTPS Client Certificates (Two-Way), CNAME / Login verification was performed prior to 2.9. Since this may not be appropriate in some configurations, it is now a tunable parameter. (Default: On)
Edge 2.9 supports a broader range of configurations through better separation of the application from the underlying operating system. As a result, Edge 2.9 does not require sudo to operate. Edge configuration options related to sudo have been removed.