I would like to see a centralized threat intel portal.
What I mean by that is that I would like to have one place where I can search for:
All Threats and Indicators that IDR is using - like the data that is provided in the Alert Settings - ABA part within IDR.
All vulnerabilities - like the database of vulnerabilities that is available within IVM.
All known threat actors, with a brief description of where they are located, where they usually direct their attacks - both target industries and target regions. Maybe even add additional information about known associated malware for the actors.
Have an integration towards IDR and IVM to be able to see if we have investigations open related to any known actor and get a quick list of machines vulnerable to certain vulnerabilities related to that actor and then jump into either IVM or IDR for further follow up and taking appropriate actions.
In my head it would be really useful to have one place to be able to look at all of it. Have it like kind of a bridge between IDR and IVM to be able to take our actions further in a quick and easy way.
Would this be doable?