Skip to main content

Release Notes 3.7.2

October 23, 2024

We are excited to introduce you to the latest version of Intel Exchange v3.7.2. This release includes new features and enhancements.

Marking Specification Beta

Intel Exchange now supports custom marking specifications, allowing you to define the shareability of threat data. This ensures compliance with data-sharing policies by marking threat data objects based on sensitivity and sharing limitations, giving you precise control over access to sensitive information and streamlining collaboration.

This feature also provides the flexibility of adding marking definitions while adding intel and STIX sources in Quick Add Intel and Integration Management respectively.

For more information, see Marking Specification.

Risk Score Engine Beta

The Confidence Score Engine is now revamped and renamed to Risk Score Engine.

The Risk Score Engine now allows you to customize how Intel Exchange calculates the Risk Score for indicators. You can enable the Intel Exchange Risk Score to adjust weightage for source credibility, enrichment tools, and attributes. Alternatively, you can choose to enable the External Risk Score to retain the score from external sources as the final Risk Score. This feature facilitates more accurate risk assessments and supports enhanced decision-making.

For more information, see Risk Score Engine.

Threat Data Enhanced

  • Quick Actions now support the following options:

    • Add Relation: You can now add relations to threat data objects, allowing you to establish connections with other threat data objects to enhance analysis and provide clarity on interrelated threat data objects.

      Additionally, you can also edit existing relations of a threat data object in the Relationship Details section.

    • Add Custom Attribute: You can add custom attributes to threat data objects, which helps you to track specialized information, such as internal risk ratings or operational context, enhancing your analysis.

    For more information, see Action on Threat Data Objects.

Other Enhancements

  • Intel Exchange now supports IPv4 CIDR ranges in Threat Data CQL search, Rules, and Allowed Indicators, enabling IP subnet queries and better management of network-related threat data.

  • In Rules, you can now create CFTR incidents for specific campaigns, enabling real-time tracking of high-priority threats. For more information, see Create CFTR Incident using Rules.

  • In Custom Entities Management, you can now add multi-select custom attributes, allowing for more flexible categorization of threat data. For more information, see Custom Attributes.

  • Detailed Submissions now include the following enhancements:

    • The following STIX components are now introduced in Detailed Submissions: Course of Action, Grouping, Incident, Intrusion Set, Malware Analysis, Observed Data, Opinion, Note, and Custom Object. This allows you to submit and curate a wider range of threat data objects.

    • You can now specify Relation Type when linking primary and secondary objects, making it easier to define and understand the connections between different STIX components. This enhancement enables more precise and detailed submissions of threat intelligence.

    • You can now add Custom Scores for all STIX components in Common Fields which helps you prioritize the analysis and dissemination of threat intel.

    For more information, see Detailed Submission.