Release Notes 3.2.1.0
The CTIX v3.2.1.0 release comes with a new feature, a few enhancements, and a bug.
New Feature
Configure Proxy Server Settings
As an administrator, you can now configure proxy server settings for CTIX on-premise deployments. A proxy server acts as an intermediate interface between the CTIX server and the internet. Configure the proxy server settings to add an extra layer of protection to your application. You can also specify IP addresses and domains that don't need to pass through a proxy.
Enhancements
Confidence Score
The Confidence Score in the v3.2.1.0 release comes with the following enhancements:
Confidence Score is calculated twice.
Before enrichment: First time the score is calculated using the source sightings score, relations score, and source confidence score.
After enrichment: The confidence score is updated using the enrichment policy score. The enrichment policy score is dependent on external tools integrated with CTIX and it may take some time to calculate this score.
An indicator that is enriched within 'x' number of days will not be re-enriched. You can configure 'x' from Administration > Configuration > Enrich a previously enriched IOC again after and has a default value of 24 hours.
The daily quota defined for enrichment tools in CTIX is reset at 12 AM as per your CTIX local server time zone.
The enrichment tools enrich an indicator only once even if they are associated with multiple enrichment policies.
Confidence Score initially appears as zero for some time and is updated as soon as the system finishes the Confidence Score calculation.
Early Reporters Widget in Feeds ROI Dashboard
The Early Reporters widget on the Feeds ROI dashboard is enhanced to show the metrics on feed sources that are early reporters of threat intel. These metrics help analysts determine their return of investment (ROI) on feed sources providing relevant and timely threat intel.
Download PDF for Published Threat Bulletin
CTIX enables analysts to download the threat bulletin PDFs directly from notifications instead of receiving them in emails.
Automation Rules
Configuring rules for all sources and collections is no longer supported in CTIX 3.2.1.0 and higher versions. Any existing rules configured for all sources and collections are disabled and administrators have to configure them again with required sources and collections.
Enrichment Policy
Configuring enrichment policies for all sources and collections is no longer supported in CTIX 3.2.1.0 and higher versions. Any existing policies configured for all sources and collections are disabled and administrators have to configure them again with required sources and collections.
Bugs
The issue with authenticating and adding certificates while configuring STIX 2.x sources is now fixed.