Cisco Security and Smiddle

How Smiddle and Cisco Security work together

Smiddle Security Administration Platform (SSAP) software automates the processing of indicators of compromise (IoCs), improves protection and increases efficiency for joint customers using Cisco’s Secure Firewall solution.

SSAP can collect and process threat information from a large number of sources (open public sources and sources with limited access that require authorization) and work with different formats: CSV, MISP, TXT, PDF, STIX, HTML, STIX/TAXII.

The Smiddle Security Administration Platform works like a central database: it collects and normalizes indicators, removes duplicate and invalid ones, prepares personalized lists of threat indicators, and enriches the corresponding security devices with them. Supplying each device with unique indicators of compromise of the appropriate type increases security effectiveness.

Automated collection, processing, and normalization of metrics reduces the time security personnel spend processing Threat Intelligence events.

Smiddle Security Administration Platform provides:

  • Connection of various resources (feeds) to obtain indicators of compromise (IoCs);
  • Collection of IoCs from local files (TXT/XML), from URLs, from PDF reports on cyber threats, from FS Group and MISP, and from STIX-format files;
  • IoC validation on the VirusTotal platform;
  • Creation of white lists of resources;
  • Cleaning of IoCs during validation and comparison with white lists;
  • Viewing information about indicators of compromise: statistics of activations, sources of origin, distribution rules, editing, updating information, deletion, inclusion in the white list;
  • Formation of rules for importing IoCs into FMC;
  • "RedButon": instant enrichment of FMC and Cisco Firepower with new IoCs;
  • Enrichment of ESM ArcSight with IoCs;
  • Polling of Cisco FMC to build operation statistics;
  • Monitoring of the activity time of all licenses: SSAP, Cisco FMC, Cisco Firepower, and paid feeds (FS-List, Cisco Talos, Cisco Umbrella);
  • Dashboards with information about the efficiency of resources, the number of activations and other statistics.
