Data Limits

View Threat Data

At a time, you can view a maximum of 50,000 records in Threat Data.

Export Threat Data

At a time, you can export a maximum of 100,000 records from the Threat Data into a CSV file.

Threat Data Source Details

For threat data objects, analysts can view the latest seven entries of sources that sent threat intel to CTIX in Threat Data > Source Details. For indicators, analysts can view all entries. This functionality is not applicable to indicators.

The maximum size of the excel sheet that you upload for the lookup is 10 MB.

From this excel sheet, a maximum of 10,000 records are taken up for the lookup. If there are more than 10,000 records, only the first ten thousand records are fetched.

While configuring API feeds, you can poll for the last 15 days' data for API feed source providers.

If you need to extend the polled days limit beyond 15, contact Cyware Support.

You can create a maximum of 100 watchlist records in the system.

Every watch list record created should at least consist of three characters.

The Cyware CSV file size must be less than 10 MB. The first 10,000 records in the file are processed. Blank rows are also considered in the 10,000 records. If the file has more than 10,000 records, only the first 10,000 records are processed.

For running the rule manually, you can select a maximum of 15 days worth of past data.

If you need to extend the polled days limit beyond 15, contact Cyware Support.

Any email in the threat mailbox that has total attachments above 10MB is not parsed.

At a time, a maximum of 50000 characters are parsed from the attachments.

You can create intel for a maximum of 4000 STIX objects at a time from the threat mailbox email attachments.

Using the Quick Add Intel feature, you can add intel to the Intel Exchange application by providing just a few details.

When passing data into Intel Exchange using the Free text, Import File, or from a URL, 50,000 characters are parsed in Intel Exchange at a time. If the URL, imported file, or free text submission has more than 50,000 characters then only the first 50,000 characters are parsed.

From these 50,000 characters parsed, intel is created for a maximum of 4000 STIX objects at a time in Intel Exchange.

The total size of a Threat Bulletin, including content and attachments, must be less than 10 MB. If the bulletin exceeds this limit, processing will be restricted to ensure optimal performance and system stability.

This section outlines the limitations that apply when using Cyware Query Language (CQL) to search and filter threat data.

Parameter Limits

Operator Limits

The following limitations apply to CQL operators:

While scheduling a report, you can publish a maximum of 100,000 records at any moment in the Intel Exchange application.

You can add a maximum of 11,000 indicators to the allowed list in Intel Exchange if you are using Cyware On-Premise.

However, if you are using Cyware Cloud, you can add a maximum of 100,000 indicators to the allowed list.

You can add a maximum of 1000 third-party ignored indicators in the Intel Exchange from the configured repository.

In Audit Log Management, administrators can view User (API) Activity Logs for the last 7 days.

The maximum supported size for the value of a custom attribute is 32 KB, equivalent to 32,766 characters. While ingesting, if a custom attribute value exceeds this limit, the additional characters are discarded.