This document provides release notes for the Bandura Cyber Global Management Center (GMC).
Release: GMC Build 48
Release Date: 26 March 2021
TruSTAR Threat Intelligence integration
Customers with access to threat intelligence through the TruSTAR Intelligence Management Platform are now able to leverage our new IPv4 and Domain Denied List plugins to block traffic using indicators pulled from TruSTAR enclaves.
To integrate your TruSTAR threat intelligence in GMC select Denied List from the navigation and choose IPv4 or Domain. In the top right corner click the green "+" icon. In the Create modal, select "TruSTAR" from the "Type" dropdown.
Give your list a name and, if you'd like, a description. We recommend checking for updates every 60 minutes, however you may choose to adjust the interval if you wish.
Enter your Enclave Id as found in your TruSTAR User Profile Settings under “View Enclave Subscriptions”. You may also obtain the Enclave Id from the Enclave member organization, if applicable. Click the green “+” icon to add the Enclave Id. You may enter one or more Enclave Ids to pull indicators from.
Next, enter your TruSTAR API Key and your API Secret as found in your TruSTAR API Settings. You may also obtain the API Key and API Secret from the Enclave member organization, if applicable.
Finally, select the Time Since Last Seen value to determine the age of the indicators you wish to pull and click on "Create" to add the feed to your list. Please allow anywhere from 15-30 minutes for the indicators to populate.
To learn more about TruSTAR, please visit their website at trustar.co. If customers have any questions or need assistance in setting up TruSTAR Denied Lists using the plugin, please contact the Bandura Support team at firstname.lastname@example.org or by calling +1-855-765-4925.
US-CERT Cloud Services cyber attack protection
The United States Computer Emergency Readiness Team (US-CERT), an organization within the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency, recently issued an alert regarding threat actors attempting to exploit poor cyber hygiene and phishing tactics through attacks against organizations’ cloud services.
As part of the alert, US-CERT included reference to a STIX file containing indicators of compromise. Bandura has created an automated IPv4 Denied list that allows customers to block traffic based on the IOCs provided. To enable the list in GMC, select Denied List from the navigation and choose IPv4. You will find the list, entitled “US-CERT Cloud Services”, on the page and ready to be enabled. Simply click on the “Enabled” check box in the left column and you will now be protected.
To learn more about using Denied Lists to protect your network, please contact the Bandura Support team at email@example.com or by calling +1-855-765-4925.