Arctic Hub has seen a flurry of activity over the past year, with several significant updates that have enhanced its capabilities and user experience. Here’s a look at the key updates and features introduced in each major release.
Our August release introduced several enhancements. We improved users' interaction with and understanding of data events related to their organization by introducing "match description" metadata keys to clarify event matches. Other notable additions included a new ontology type, "end-of-life component," under the "public exposure" category.
We added enhanced email notification features using VERP (variable envelope return path) for SMTP bounce control. VERP support helps handle bounces when sending notification emails. There were also updates supporting new and existing feeds from providers such as Team Cymru, CrowdStrike, and Fitsec.
In September, Arctic Hub introduced a sophisticated issue notification feature that lets users notify customers about unique issues with consolidated email notifications on a once-per-month basis. This reduces redundancy in notifications for topics that normally produce many or frequent events. Issue notifications can be especially useful for issues such as scan results, where repeated scanning produces the same results about the same issues and continuous email notifications would become too noisy.
This product release improved feed robustness and enhanced the UI code, transitioning from JavaScript to TypeScript for a more future-proof structure. The backend feed augmentation configuration also became more intuitive, streamlining user interactions.
The October release was designated to refresh major platform components without introducing new features. The main event database was upgraded from MongoDB version 4.4 to 6.0, as MongoDB 4 was nearing its end-of-life. This version also sets the stage for phasing out support for older Hub versions and systems incompatible with the newer database technologies. As of 2024, we recommend using RHEL 9 or its derivatives as a platform for Arctic Hub.
The January update focused on refining functionalities across the board, including backups, feeds, integrations, and more granular logging configurations.
New features include an enhanced event inspector on the dashboard. This feature helps dashboard users navigate through events and organize the event content into logical groups for more intuitive use. The new event viewer also includes built-in search functionality and content export ability.
We refined the Arctic Hub’s customer matching labels for events introduced in August. Match description has been improved to provide better results in some less frequent cases, and we updated match-related metadata for events, including "configured asset," "enumerated domain name," and "enumerated domain name count." We also improved the streaming of event data to the dashboard.
The latest March release introduced feed processing capabilities, new feed integrations, the Mandiant Advantage Threat Intelligence data feed, and updates to the GeoIP database.
On the dynamic asset discovery side, we added support for DomainTools DNSDB to offer more options for sourcing the data and enhanced the efficiency of feed processing by prioritizing DNS queries. Arctic Hub’s dynamic asset discovery now scales better for our customers, who include many organizations with large asset footprints as stakeholders.
Enhanced Feed Support and Processing: We continuously improve feed types and processing mechanisms, for example, by adding support for 6 new Shadowserver reports. We also update data harmonization, ensuring users receive precise and actionable data. We made significant updates to Arctic Hub’s match metadata feature to help our customers communicate better with their stakeholders about why they were notified of an issue.
Improved Usability: Enhancing dashboard functionalities has made the user interface more intuitive and responsive and will help Arctic Hub users accomplish their work faster.
Improved Dynamic Asset Discovery: Our customers can now choose from multiple data sources for discovery, and the feature scales better for large setups.
Improved Notification Systems: From VERP in emails to the introduction of unique issue notifications, Arctic Hub has significantly advanced how users are alerted about security events, reducing noise and focusing on uniqueness and relevance.
Maintaining a Robust Platform: Upgrades to critical backend components like MongoDB, Python, and Nginx have ensured that Arctic Hub remains fast, reliable, and secure. Transitioning to TypeScript will improve the maintainability of user interface components in the long term and speed up future feature development.
Arctic Security remains committed to delivering state-of-the-art platform and data processing capabilities for our NCSC, CERT/CSIRT, and MSP customers. Future updates will continue to enhance user experience, expand feed compatibility, and ensure robust data handling and security measures.
Stay tuned for more updates as we continue to enhance Arctic Hub to meet the evolving needs of our users in the dynamic security landscape.