Cyware Threat Intelligence eXchange

Configure General Settings

Configure the general settings of the application, such as the logo, tenant settings, general user account settings, Google reCAPTCHA, error email IDs, cost configuration, local timezone, and data update permission.

Steps

  1. Go to Administration > Configuration > General Settings.

  2. Upload a logo that appears on the top-left bar of the application. You can choose to upload your company logo for a personalized experience. Ensure that the image is 160 pixels wide and 38 pixels high and has a blank background. The supported image types are .jpeg, .png, and .svg.

  3. Click Edit and set the following configurations:

    • Inactivity Timeout: Set the period of time for which you can remain inactive in the system. After this period, the application logs you out and you have to log in again.

    • Lock Users upon Failed Login: Set the number of times a user can try to log in to the application before getting locked out. You can choose whether to lock out the user permanently or temporarily.

    • Automatic Account Deactivation: Set the time interval after which a user account will automatically get deactivated due to inactivity in the application. For example, if a user account has not logged in to the application for over 30 days, CTIX will deactivate that account.

    • Concurrent Session: Enables the same user account to use the application on two systems or browsers at the same time.

    • Login Session Timeout: Specify the maximum time that you can stay logged in to a session on the CTIX application. You are logged out of the CTIX application automatically after this time period. This time limit only applies to users added after this configuration is set up.

    • Google Recaptcha: Google reCAPTCHA helps detect abusive traffic and stops bots from accessing the CTIX application without user interaction. You can use this option to enable Google reCAPTCHA for users at the login screen of the application.

    • Max Polling Time: Set the time interval at which the CTIX tenant automatically retrieves Threat Intel from the configured Sources.

    • Data Marking Preference: Set the data marking preference to define the access control mechanism for threat data objects in the platform. Traffic Light Protocol (TLP) is the default data marking preference and cannot be disabled. Turn on the ACS toggle to enable the marking of threat data objects as per Access Control Specification (ACS).

    • Email Connection Retry Count: Specify the number of times the application attempts to connect to the configured Threat Mailbox.

    • Email Connection Retry Interval: Set the time interval at which the application will attempt to retry connecting to the configured Threat Mailbox.

    • Max Feed Channels Polled: Set the number of API feeds that can poll data concurrently. The maximum value is eight feeds.

    • Parse Domain: Automatically parses the domain values from URLs and emails from the configured Threat Mailbox and RSS feeds.

    • Parse Email from URL: Automatically parses the emails from URLs from the configured Threat Mailbox and RSS feeds.

    • Import Intel Preference: To set your preference to import intel, select one of the following:

      • Ingest partial correct file: Allows you to import all valid objects of a STIX bundle.

      • Do not ingest incorrect file: Does not allow you to import objects from a STIX bundle if the bundle includes invalid objects. By default, this option is selected.

    • AI Assist: Enable users to get AI assistance in threat investigation operations, such as advanced parsing and extraction of threat data, reporting, and more.

    • IOC Enrichment Validity: Specify a time period after which the application can re-enrich a threat data object. Setting this configuration allows you to conserve quota and prevent duplicate enrichment. This helps in the calculation of the confidence score.

  4. Click Save.
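
The two Import Intel Preference options differ only in what happens when a bundle contains at least one invalid object. The following Python sketch is an added example, not CTIX code: the validity check (`object_errors`) and the function names are assumptions made for illustration, because this page does not describe how CTIX validates STIX objects.

```python
import json
import re

# Structural check only; an assumption, since the page does not describe
# how CTIX decides that a STIX object is invalid.
STIX_ID = re.compile(r"^[a-z][a-z0-9-]*--[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$")

def object_errors(obj):
    """Return the problems found in one STIX object (empty list if none)."""
    if not isinstance(obj, dict):
        return ["not a JSON object"]
    errors = []
    obj_type, obj_id = obj.get("type"), obj.get("id")
    if not isinstance(obj_type, str) or not obj_type:
        errors.append("missing type")
    if not isinstance(obj_id, str) or not STIX_ID.match(obj_id):
        errors.append("missing or malformed id")
    elif isinstance(obj_type, str) and not obj_id.startswith(obj_type + "--"):
        errors.append("id prefix does not match type")
    if obj_type == "indicator" and not obj.get("pattern"):
        errors.append("indicator without pattern")
    return errors

def import_bundle(bundle_json, allow_partial=False):
    """Return (accepted_objects, rejected) for a STIX bundle.

    allow_partial=False models "Do not ingest incorrect file" (the default):
    a single invalid object rejects the whole bundle.
    allow_partial=True models "Ingest partial correct file": valid objects
    are kept and invalid ones are reported by index.
    """
    objects = json.loads(bundle_json).get("objects", [])
    rejected = {}
    for index, obj in enumerate(objects):
        errors = object_errors(obj)
        if errors:
            rejected[index] = errors
    if rejected and not allow_partial:
        return [], rejected
    return [o for i, o in enumerate(objects) if i not in rejected], rejected

# Constructed sample bundle: one valid indicator and two invalid objects.
SAMPLE_BUNDLE = json.dumps({"type": "bundle", "id": "bundle--00000000-0000-4000-8000-000000000000", "objects": [
    {"type": "indicator", "id": "indicator--11111111-1111-4111-8111-111111111111",
     "pattern": "[domain-name:value = 'malicious.example']"},
    {"type": "indicator", "id": "indicator--22222222-2222-4222-8222-222222222222"},
    {"type": "malware", "id": "indicator--33333333-3333-4333-8333-333333333333"},
]})
```

With partial ingestion enabled, review the rejected objects after each import, because a bundle that loads successfully may still be missing part of the intel its producer sent.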

For information about the email server and proxy, see Configure Email Server and Configure Proxy Server.

Priority Polling for Feed Sources

Notice

This feature is available in CTIX release version v3.4.0 and later.

Select up to five feed channels to prioritize for data ingestion. The platform polls threat intel from the selected critical feed channels in a shorter span of time.

Priority polling only supports limited feed channels that provide restricted but meaningful feeds to avoid any system overload.

Note

Ensure that you enable the feed source and respective feed channel under Administration > Integration Management > Feed Sources > API to poll the required threat intel successfully.

Third-Party Allowed Indicators

Notice

This feature is available in release version v3.4.3 and later for deployments on Cyware Cloud.

Configure third-party repositories, such as Majestic Million, to search and retrieve well-known indicators. The third-party repositories provide a list of potentially safe indicators. With access to millions of indicators, CTIX can verify qualified incoming data to automatically mark them as allowed indicators.

The platform fetches the latest potentially trusted indicators automatically at 00:00 hrs UTC every day. After you enable this option, the platform may take several seconds to connect with the repository to get access to the array of indicators. 

You can access the latest indicators in Main Menu > My Org > Indicators Allowed > Third-Party Indicators.

Note

Currently, indicators ingested from the API feed sources are not verified with the third-party allowed indicator list. 

For more information, see Third-Party Allowed Indicators.
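
The Parse Domain setting and the third-party allowed list meet at one point: a domain is extracted from a URL or email and then compared with a list of well-known domains. The following Python sketch is an added example, not CTIX code. It assumes exact hostname matching and uses a constructed two-entry list, because this page does not describe the matching logic CTIX applies; `extract_domain` and `classify` are hypothetical names.

```python
from urllib.parse import urlsplit

# Constructed stand-in for a third-party list of well-known domains.
ALLOWED_DOMAINS = {"example.com", "example.org"}

def extract_domain(value):
    """Return the normalized host from a URL or bare email address, or None."""
    value = value.strip()
    if "://" in value:
        try:
            # .hostname drops userinfo and port and lowercases the host
            host = urlsplit(value).hostname
        except ValueError:
            return None
    elif value.count("@") == 1:
        host = value.rsplit("@", 1)[1]
    else:
        return None
    if not host:
        return None
    return host.rstrip(".").lower() or None

def classify(value, allowed=ALLOWED_DOMAINS):
    """Return (domain, is_allowed) using exact matching only.

    Exact matching keeps lookalike hosts such as 'example.com.cdn.test',
    hosts hidden behind a userinfo prefix, and unlisted subdomains from
    inheriting the allowed status of a listed domain.
    """
    domain = extract_domain(value)
    return domain, domain is not None and domain in allowed

# Constructed inputs covering the normalization and lookalike cases.
SAMPLES = [
    "https://user@EXAMPLE.com.:8443/a",   # allowed after normalization
    "alerts@example.org",                 # allowed email domain
    "http://example.com.cdn.test/login",  # listed name used as a prefix
    "https://example.com@other.test/",    # listed name in the userinfo part
    "https://mail.example.com/",          # subdomain that is not listed
]

def classify_samples():
    return [classify(s) for s in SAMPLES]
```

Because such lists only contain potentially safe indicators, treat an allowed match as a reason to lower priority, not as proof that the indicator is benign.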