Cyware Threat Intelligence eXchange

Release Notes 3.1.1

The CTIX v3.1.1 release comes with a few enhancements and minor bug fixes.

Enhancements

Add Twitter IOCs to Allowed Indicators

CTIX allows you to add IOCs fetched from Twitter feeds directly to the allowed indicators list. Adding an IOC to the allowed indicators list marks it as safe to use, and analysts ignore it during threat data analysis.

Automatic Intel Creation from RSS and Threat Mailbox

CTIX allows you to automate the intel creation process for IOCs received from RSS and Threat Mailbox feed sources.

You can automate the intel creation process for all object types, or select specific object types while adding a new RSS or Threat Mailbox feed source.

New STIX Components in Detailed Submission

CTIX supports the following new STIX components while creating intel using Detailed Submission:

  • Report

  • Tool

  • Location

  • Identity

  • Infrastructure

For all these components you can:

  • Define relationships with other objects

  • Add sightings information about the component

  • Publish components to collections and inbox

Kill Chain and Kill Chain Phase

CTIX enables you to attach a kill chain and its phases when you create intel using Detailed Submission. You can either create a custom kill chain and its phases using Custom Entities Management under Administration or use the existing kill chain and its phases available in the system. By default, CTIX provides Lockheed Martin and MITRE kill chains with their defined phases.

You can apply a kill chain to the following STIX components while creating a detailed submission:

  • Indicator

  • Malware

  • Attack Pattern

  • Infrastructure

  • Tool
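An added example, not Cyware code and not part of the CTIX product: a Python check of the `kill_chain_phases` property on STIX objects, assuming STIX 2.1 JSON, which defines that property on the same five object types listed above. The function name, the sample objects and the spelled-out Lockheed Martin phase list are constructed for illustration, and no CTIX API is used.

```python
import re

# STIX 2.1 object types that define kill_chain_phases: the five listed above.
KILL_CHAIN_TYPES = {"indicator", "malware", "attack-pattern", "infrastructure", "tool"}
LOCKHEED = "lockheed-martin-cyber-kill-chain"  # chain name required by STIX 2.1
# Assumption: the seven Lockheed Martin phases, spelled in STIX naming style.
LOCKHEED_PHASES = {"reconnaissance", "weaponization", "delivery", "exploitation",
                   "installation", "command-and-control", "actions-on-objectives"}
NAME_RE = re.compile(r"^[a-z0-9]+(-[a-z0-9]+)*$")  # lowercase, hyphen-separated


def check_kill_chain_phases(obj):
    """Return the problems found in one STIX object's kill_chain_phases."""
    phases = obj.get("kill_chain_phases")
    if phases is None:
        return []
    if obj.get("type") not in KILL_CHAIN_TYPES:
        return ["kill_chain_phases is not defined for type %r" % obj.get("type")]
    if not isinstance(phases, list) or not phases:
        return ["kill_chain_phases must be a non-empty list"]
    problems = []
    for i, phase in enumerate(phases):
        phase = phase if isinstance(phase, dict) else {}
        chain, name = phase.get("kill_chain_name"), phase.get("phase_name")
        if not isinstance(chain, str) or not isinstance(name, str):
            problems.append("phase %d: kill_chain_name and phase_name must be strings" % i)
            continue
        for label, value in (("kill_chain_name", chain), ("phase_name", name)):
            if not NAME_RE.match(value):
                problems.append("phase %d: %s %r should be lowercase with hyphens"
                                % (i, label, value))
        if "lockheed" in chain.lower() and chain != LOCKHEED:
            problems.append("phase %d: Lockheed Martin chain must be named %r" % (i, LOCKHEED))
        elif chain == LOCKHEED and name not in LOCKHEED_PHASES:
            problems.append("phase %d: %r is not a Lockheed Martin phase" % (i, name))
    return problems


# Constructed sample objects (only the fields this check reads).
SAMPLES = [
    {"type": "indicator", "kill_chain_phases": [
        {"kill_chain_name": LOCKHEED, "phase_name": "delivery"}]},
    {"type": "tool", "kill_chain_phases": [
        {"kill_chain_name": "Lockheed Martin", "phase_name": "Installation"}]},
    {"type": "report", "kill_chain_phases": [
        {"kill_chain_name": LOCKHEED, "phase_name": "delivery"}]},
    {"type": "malware", "kill_chain_phases": [
        {"kill_chain_name": "mitre-attack", "phase_name": "persistence"}]},
]
```

Run each object of a STIX bundle through `check_kill_chain_phases`; an empty list means the check found no problems.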

API Integration Connectors

CTIX supports Mandiant, iDefense, and Intel471 API integration connectors to fetch API feed sources. Using these API connectors, you can receive up-to-date malware, vulnerability, and adversary intelligence in the CTIX platform.

Task Notifications

CTIX automatically sends an email notification to the assignee when you create and assign a task using the following components:

  • Global Tasks

  • ATT&CK Navigator

  • RSS Feeds

  • Threat Mailbox

  • Threat Data

  • Twitter

Bugs

  • The issue with publishing a Threat Bulletin when no indicator was selected is now fixed.

  • The issue with displaying the following logs when you add the same IOC using Quick Add in Activity Timeline in Threat Investigations is now fixed:

    • undeprecated IOC logs

    • allowed indicators logs

    • false positive IOC logs