Release Notes 3.1.1
The CTIX v3.1.1 release comes with a few enhancements and minor bug fixes.
Enhancements
Add Twitter IOCs to Allowed Indicators
CTIX allows you to directly add IOCs fetched from Twitter feeds to the allowed indicators list. Adding an IOC to the allowed indicators list marks it as safe to use, and analysts ignore it during threat data analysis.
Automatic Intel Creation from RSS and Threat Mailbox
CTIX allows you to automate the intel creation process for IOCs received from RSS and Threat Mailbox feed sources.
You can automate the intel creation process for all object types, or select specific object types, while adding a new RSS or Threat Mailbox feed source.
New STIX Components in Detailed Submission
CTIX supports the following new STIX components while creating intel using Detailed Submission:
Report
Tool
Location
Identity
Infrastructure
For all these components, you can:
Define relationships with other objects
Add sightings information about the component
Publish components to collections and inbox
Kill Chain and Kill Chain Phase
CTIX enables you to attach a kill chain and its phases when you create intel using Detailed Submission. You can either create a custom kill chain and its phases using Custom Entities Management under Administration or use the existing kill chain and its phases available in the system. By default, CTIX provides Lockheed Martin and MITRE kill chains with their defined phases.
You can apply a kill chain to the following STIX components while creating a detailed submission:
Indicator
Malware
Attack Pattern
Infrastructure
Tool
API Integration Connectors
CTIX supports Mandiant, iDefense, and Intel471 API integration connectors to fetch API feed sources. Using these API connectors, you can receive up-to-date malware, vulnerability, and adversary intelligence in the CTIX platform.
Task Notifications
CTIX automatically sends an email notification to the assignee when you create and assign a task using the following components:
Global Tasks
ATT&CK Navigator
RSS Feeds
Threat Mailbox
Threat Data
Twitter
Bugs
The issue with publishing a Threat Bulletin when no indicator was selected is now fixed.
The issue with displaying the following logs when you add the same IOC using Quick Add in Activity Timeline in Threat Investigations is now fixed:
undeprecated IOC logs
allowed indicators logs
false positive IOC logs