Tidal regularly releases new content in the free Community Edition of its platform, and we recently published our largest-ever single batch of threat-focused content! Not only was the new release a milestone in terms of content – we also added an exciting new feature (Tidal-curated Tags) that greatly enhances research workflows in the tool.
More details on all the new content & features in Community Edition are below. Don’t forget to create a free account to unlock even more functionality, or reach out to learn more about how to fully operationalize threat-informed defense in Tidal’s Enterprise Edition.
We’re thrilled to add public detection analytics from The DFIR Report to the Analytics library in Tidal! The DFIR Report team regularly publishes results from their deep-dive investigations into recent cyber intrusions, and helpfully shares a collection of select, relevant detection rules back with the community. The update now makes the Analytics library multi-source, as The DFIR Report content represents the first set of rules added on top of the 2,300+ existing Analytics in the library sourced from the SigmaHQ repository.
Tidal users can now surface all of these rules side-by-side in the Analytics library page and via the platform’s global search functionality, further enhancing research use cases in the platform – see the video for a quick tutorial.
The Tidal platform enables defenders to intuitively “extend” the MITRE ATT&CK® knowledge base with timely threat & defensive content relevant to them. Tidal’s Adversary Intelligence team regularly creates & publishes threat content to supplement users’ knowledge base and since early last year, has been publishing this content as “objects” that look and feel just like the content from ATT&CK.
Our recent release contained our largest-ever (yet!) batch of threat intelligence-focused content: 200 new Software objects representing major known “living-off-the-land” utilities. These utilities are legitimate software packages typically native to enterprise endpoints but which are regularly abused by a wide range of adversaries, including prominent ransomware, extortion, and other financially motivated actors and even nation-state-sponsored advanced persistent threat (APT) groups.
The new objects are based on contents from the popular LOLBAS community project (thanks to the maintainers noted here!) and feature relevant ATT&CK Technique relationships, contextual details, and detection/defensive suggestions, as well as Tidal enrichment in the form of other threat object (Groups or Campaigns) relationships and other Tags (more details below!). Surface the new LOLBAS content from the Software List page, the LOLBAS Tags list, and via the global search functionality, all featured in the tutorial.
On top of all the fresh content recently published in the platform, we also released a new feature – Tags – that enables users to more readily navigate & draw insights from this content, empowering threat-informed defense research & action through our platform. Tags have been available in Tidal’s Enterprise Edition (where users can create custom, user-defined tags on most types of objects – reach out to learn more!) since last year, and we’re now releasing a large batch of Tidal-curated Tags to all users to help further enable their workflows and spark inspiration for additional tags.
The first batch features more than 200 discrete Tags across five Tag Families, enabling research & filtering around key types of threats, the technologies they target and exploits they use, reporting sources, and relevant defensive content. In total, more than 1,200 Group, Campaign, Software, and Analytic objects are tagged across these first Tag Families alone, giving users a streamlined way of navigating across a massive batch of content overnight. Importantly, Tags tie together much of our latest content (like the new Analytics and LOLBAS featured above) in helpful ways – see the videos for a few final tutorials, culminating in a workflow that is powered by all of our latest releases!