CTIX Feature Comparison
Read the following feature comparison table to understand which features of CTIX 2.X are retained, enhanced, or deprecated in CTIX 3.X version.
CTIX 2.x Features | Present in CTIX 3.x | Additional Details |
|---|---|---|
Dashboard | Yes | |
Reports | Yes | New Custom reports can be created using CQL New user interface Saved Searches Deprecated PDF export of reports |
Live Activity | Deprecated | Upcoming Though Live Activity is deprecated, it will be made into a Dashboard widget in the future releases |
Threat Data | Yes | New CQL contextual search New user interface with single pane view Saved Searches Associate to MITRE Tactics Observable Support Deprecated Risk Severity Action CSOL Actions |
RSS Feeds | Yes | New Ability to add metadata Ability to add Tasks and Notes Intel Packages are replaced with reports New user interface |
Threat Mailbox | Yes | New Ability to add metadata Ability to add Tasks and Notes Intel Packages are replaced with reports New user interface System can now parse data from multiple sheets of an attachment |
Twitter Feeds | Yes | New Ability to add metadata Ability to add Tasks and Notes Intel Packages are replaced with reports New user interface |
Threat Bulletin | Yes | New New user interface Add objects using CQL Add MITRE ATT&CK Matrix Add investigations Add tags Add multiple attachments Ability to download PDF Ability to send emails |
Intel Packages | Deprecated | New Intel Packages are converted to report objects. |
Threat Investigations | Yes | New Investigations Timeline Diamond Model of Intrusion Analysis New user interface |
Threat Actors | Deprecated | |
ATT&CK Navigator | Yes | New Ability to add custom techniques New user interface New custom base layer introduced to act as a repository for all custom techniques |
Analyst Workbench | Yes | |
Rules | Yes | New Rules will work on individual objects and not on intel packages. |
Actionable Indicators | Yes | New Included with Threat Data |
Tasks | Yes | New New user interface Ability to add new tasks from task management Users can now see who assigned the tasks to them |
Create Intel package | Deprecated | |
Intel Inbox | Yes | New All the received objects are directly displayed in Threat Data |
Create Threat Bulletin | Yes | New Included with Threat Bulletin |
Saved Searches | Yes | New Included with Threat Data |
Domain Fuzzer | Yes | |
Watchlist Alerts | Yes | New Included with Watchlists |
Manual Review | Yes | New Included with Threat Data |
Yara Rules | Yes | |
Indicators Allowed | Yes | |
Watchlist | Yes | New New user interface |
Tags | Yes | New New user interface Tags are now clickable and will show results in Threat Data for all intel with that tag |
Background Tasks | Yes | |
User Management | Yes | New New user interface For creating users, only email addresses and permissions are mandatory |
Integration Management | Yes | New New user interface |
Enrichment Management | Yes | |
License Management | Yes | |
Followed Data | Deprecated | |
STIX Collection | Yes | |
Configuration | Yes | New Custom Objects & attributes are a new component in the Administration module Google-sign-in is moved to Authentication Rate limit for TAXII is moved to TAXII tab Open API is a new component Deprecated Basic Setting is not a separate component Enable Duplicate Package is deprecated Default TLP is deprecated Delete TLP is deprecated Indicator Actions are deprecated |
Confidence Score | Yes | Available CTIX Confidence Score Engine |
Organization Type | Yes | |
Revoke Intel | Yes | |
Import Intel | Yes | New It will create threat data objects with any relations if available. It will not create intel packages |
Quick Add Intel | Yes | New Creates report objects and does not create intel packages |
Notifications | Yes | New New user interface Notifications are now clickable with relevant redirections |
Profile Settings | Yes | New Included with Configuration |
Help | Yes | |
Contact Support | Deprecated | |
Global Search | Deprecated | |
IOC Lookup/ Bulk Lookup | Yes | New Included with Threat Data |
Notes | Yes | New Included with Threat Data Ability to edit notes from threat data |