Data Limits
Understand the data limits of various features in the CTIX application.
Threat Data Limits
View Threat Data
At a time, you can view a maximum of 50,000 records in Threat Data.
Export Threat Data
At a time, you can export a maximum of 100,000 records from the Threat Data into a CSV file.
Threat Data Source Details
For threat data objects, analysts can view the latest seven entries of sources that sent threat intel to CTIX in Threat Data > Source Details. For indicators, analysts can view all entries. This functionality is not applicable to indicators.
IOC Lookup Limits
The maximum size of the excel sheet that you upload for the lookup is 10 MB.
From this excel sheet, a maximum of 10,000 records are taken up for the lookup. If there are more than 10,000 records, only the first ten thousand records are fetched.
API Feed Polling Data Limits
While configuring API feeds, you can poll for the last 15 days' data for API feed source providers.
If you need to extend the polled days limit beyond 15, contact Cyware Support.
Watchlist Limits
You can create a maximum of 100 watchlist records in the system.
Every watch list record created should at least consist of three characters.
Import Intel Limits
The Cyware CSV file size must be less than 10 MB. The first 10,000 records in the file are processed. Blank rows are also considered in the 10,000 records. If the file has more than 10,000 records, only the first 10,000 records are processed.
Run Rule Limits
For running the rule manually, you can select a maximum of 15 days worth of past data.
If you need to extend the polled days limit beyond 15, contact Cyware Support.
Threat Mailbox Limits
Any email in the threat mailbox that has total attachments above 10MB is not parsed.
At a time, a maximum of 50000 characters are parsed from the attachments.
You can create intel for a maximum of 4000 STIX objects at a time from the threat mailbox email attachments.
Quick Add Intel Limits
Using the Quick Add Intel feature, you can add intel to the CTIX application by providing just a few details.
When passing data into CTIX using the Free text, Import File, or from a URL, 50,000 characters are parsed in CTIX at a time. If the URL, imported file, or free text submission has more than 50,000 characters then only the first 50,000 characters are parsed.
From these 50,000 characters parsed, intel is created for a maximum of 4000 STIX objects at a time in CTIX.
Reports Limits
While scheduling a report, you can publish a maximum of 100,000 records at any moment in the CTIX application.
Allowed Indicators Limits
You can add a maximum of 11,000 indicators to the allowed list in CTIX if you are using Cyware On-Premise.
However, if you are using Cyware Cloud, you can add a maximum of 100,000 indicators to the allowed list.
Third-Party Ignored Indicators Limit
You can add a maximum of 1000 third-party ignored indicators in the CTIX platform from the configured repository.
Audit Logs Limits
In Audit Log Management, administrators can view User (API) Activity Logs for the last 7 days.
Read-Only Users and Groups Limit
You can add a maximum of 100 read-only groups in the CTIX application.
To determine the number of users with read-only permissions, the unique count of the number of users across all read-only groups will be calculated. For example, if User A is a member of two read-only groups, they will be counted as one read-only user.
The count of Read-Only users will only include active, non-Cyware users.
Custom Attributes Limits
The maximum supported size for the value of a custom attribute is 32 KB, equivalent to 32,766 characters. While ingesting, if a custom attribute value exceeds this limit, the additional characters are discarded.