Release Notes 3.2.0.0
The CTIX v3.2.0.0 release comes with new features, a few enhancements, and minor bug fixes.
New Features
CTIX-CFTR Integration
CTIX offers seamless integration with CFTR to enable security analysts to create cases for the threat data objects available in CTIX that require detailed investigations. The created cases can then be assigned to the security analysts in CFTR to investigate further and take necessary actions as part of the incident response process.
Enhancements
Manual Rule Run from Threat Data and Threat Investigations
You can manually run a rule on indicators from Threat Data and Threat Investigations. For CTIX to run a rule manually, you must create a rule with the Run Rule Manually Only policy. You can perform a manual run on a single indicator or on multiple indicators from the Threat Data and Threat Investigations using bulk actions.
New STIX Component in Detailed Submission
CTIX supports the Campaign STIX component while creating intel using Detailed Submission. A campaign is a grouping of adversarial behaviors that describes a set of malicious activities or attacks that occur over a period of time against a specific set of targets.
For the Campaign component you can:
Define relationship with other objects
Add sightings information about the component
Publish components to collections and inbox
Bugs
The issue with the pending status of the creating intel with IP address and port using Quick Add Intel is now fixed.