Skip to main content

Cyware Threat Intelligence eXchange

Release Notes 3.2.1.0

The CTIX v3.2.1.0 release comes with a new feature, a few enhancements, and a bug.

New Feature

Configure Proxy Server Settings

As an administrator, you can now configure proxy server settings for CTIX on-premise deployments. A proxy server acts as an intermediate interface between the CTIX server and the internet. Configure the proxy server settings to add an extra layer of protection to your application. You can also specify IP addresses and domains that don't need to pass through a proxy.

Proxy_Setting_3210.png

Enhancements

Confidence Score

The Confidence Score in the v3.2.1.0 release comes with the following enhancements:

  • Confidence Score is calculated twice.

    • Before enrichment: First time the score is calculated using the source sightings score, relations score, and source confidence score.

    • After enrichment: The confidence score is updated using the enrichment policy score. The enrichment policy score is dependent on external tools integrated with CTIX and it may take some time to calculate this score.

  • An indicator that is enriched within 'x' number of days will not be re-enriched. You can configure 'x' from Administration > Configuration > Enrich a previously enriched IOC again after and has a default value of 24 hours.

  • The daily quota defined for enrichment tools in CTIX is reset at 12 AM as per your CTIX local server time zone.

  • The enrichment tools enrich an indicator only once even if they are associated with multiple enrichment policies.

  • Confidence Score initially appears as zero for some time and is updated as soon as the system finishes the Confidence Score calculation.

Early Reporters Widget in Feeds ROI Dashboard

The Early Reporters widget on the Feeds ROI dashboard is enhanced to show the metrics on feed sources that are early reporters of threat intel. These metrics help analysts determine their return of investment (ROI) on feed sources providing relevant and timely threat intel.

Download PDF for Published Threat Bulletin

CTIX enables analysts to download the threat bulletin PDFs directly from notifications instead of receiving them in emails.

Automation Rules

Configuring rules for all sources and collections is no longer supported in CTIX 3.2.1.0 and higher versions. Any existing rules configured for all sources and collections are disabled and administrators have to configure them again with required sources and collections.

Enrichment Policy

Configuring enrichment policies for all sources and collections is no longer supported in CTIX 3.2.1.0 and higher versions. Any existing policies configured for all sources and collections are disabled and administrators have to configure them again with required sources and collections.

Bugs

  • The issue with authenticating and adding certificates while configuring STIX 2.x sources is now fixed.