Release Notes 3.1.0.1
The CTIX 3.1.0.1 release comes with a few improvements, minor bug fixes, and a new feature.
New Features
Web Scraper
CTIX offers a web scraper to extract and fetch threat intel from websites. Administrators can configure any trusted web page or site that provides useful IOCs for threat hunting operations.
IOCs or intel extracted from these web pages can help analysts correlate artifacts and connect the dots for a threat or cyber attack.
As an analyst, you can:
Enrich and correlate the extracted threat data before sharing it as threat intelligence.
Schedule source polling time using the Polling Cron Schedule.
Add metadata details about the Web Scraper URL, such as TLP, source confidence, and URL title.
Group the extracted threat intel under a source for better organization and categorization.
Bugs
The issue with receiving malicious URLs from Intel471 is now fixed.
When a domain, IP address, or an IOC is marked as an allowed indicator, the matching indicators, such as objects coming from the same domains, are also marked as allowed indicators.
The confidence score for deprecated IOCs is no longer calculated.
The hub source, STIX 2.1, is now visible when you access a spoke.
The availability issue of the Feeds ROI and Rules dashboards in both CTIX hub and spoke environments is now fixed.
Emails with attachments above 10 MB in size are not parsed in the Threat Mailbox. CTIX can parse only up to 50000 characters of the attachments. You can choose up to 4000 indicators from the attachments to create intel in the Threat Mailbox.
Relations among the threat data objects are now visible on the Relations tab of a threat data object.
The issue with the intel status of the imported file is now fixed in Quick Add Intel.