
Cyware Threat Intelligence eXchange

Release Notes 3.3.0

We are excited to introduce you to the latest version of Cyware Threat Intelligence Exchange - v3.3.0. This release comes with new features, a few enhancements, and minor bug fixes.

New Features

Collaborate Using Global Notes

Analysts can create and maintain notes in CTIX with additional information that they want to share with their internal teams and other analysts. Notes can include indicators, threat data, actionable tasks, general comments, or any other details. Notes make it easier for analysts to investigate and draw context irrespective of which team they are part of. Global Notes show aggregated notes written across every module in CTIX.

Analysts can:

  • Create new notes

  • Search for any existing notes

  • View the notes that they created

Global Notes are accessible to all CTIX users, which eliminates the need to send out individual email notifications. Apart from Global Notes, analysts can also create notes from the following modules in CTIX:

  • Twitter feeds

  • RSS feeds

  • Threat Mailbox

  • Threat Investigations

  • Threat Data

  • ATT&CK Navigator

Analyze Failure Logs for Intel Submission

Analysts can view logs with details of any failures that may occur while submitting intel in CTIX using a threat bulletin or detailed submission form. This helps analysts track their intel submissions and troubleshoot issues.

Analysts can:

  • Download the logs to view and analyze the failures

  • Analyze and fix any errors for partial success or for failed intel

  • Re-submit the intel

Configure New Feed Integrations

CTIX continues to expand and add new feed integrations with varied feed source providers so that you can access relevant and timely threat intel and take necessary actions.

The following new feed integrations are included in this release:

  • Blueliv: Integrate Blueliv feeds into CTIX to receive malware and IP related threat intel.

  • SecneurX: Integrate SecneurX feeds into CTIX to receive indicators, malware, and associated threat intel.

  • Kaspersky: Integrate Kaspersky feeds into CTIX to receive hash, URL, and IP related threat intel.

  • PolySwarm: Integrate PolySwarm feeds into CTIX to receive indicator related threat intel.

Integrate Microsoft Azure Sentinel SIEM with CTIX

Analysts can create, update, or delete IOCs in Microsoft Azure Sentinel SIEM by configuring integration between Microsoft Azure Sentinel and CTIX.

This integration helps provide the latest, updated, and actionable IOC data in Microsoft Azure Sentinel that in turn can aid proactive threat hunting and threat response.


Enhancements

Delete Draft Intel

Analysts can delete intel that is in draft status in their detailed form submissions when they no longer require it. This helps analysts keep track of intel created in the system and prevent clutter.

Create Intel from Partially Processed Twitter Feeds Data

Analysts can create intel from partially processed IOCs received from Twitter feeds. This enables analysts to utilize the available IOCs and track them for any malicious activity.

New Filters in ATT&CK Navigator

Analysts can filter the threat data in MITRE ATT&CK Navigator based on:

  • Sources from where the IOCs are received

  • The system created date of the IOC

  • The system modified date of the IOC

Enrichment Tools Quota Details

Administrators can view the quota consumed by each enrichment tool configured in the CTIX application. This can help them manage the quota of their tools.

Enrichment Source Details in Threat Data

Data received from the enrichment sources are marked as enrichment in the Threat Data details. Using this column, analysts can identify and filter data received from enrichment sources.

Last Quota Reset Timestamp for Enrichment Tools

Administrators can view the date and time at which the quota of an enrichment tool was last reset. Using the Total Quota, Used Quota, and the last Reset Date, analysts can understand the frequency of quota consumption and use this data to reset the quota for an enrichment tool.

Default STIX Collection

Analysts can use the newly added default STIX collection in CTIX to publish and poll data in case no other collection is available.

Error Handling Data for Subscriber Logs

Administrators can fetch payload and response data used in the API call for a subscriber in case an error is encountered. This allows the administrators to check the data sent and understand the reason for the error.


Renamed Features

A few user interface elements in the following features are renamed in the CTIX application for better clarity.

Threat Investigations

In Threat Investigations, CTIX Enrichment is renamed to Analyze Relations using CTIX.

Threat Data Creation and Modification Dates

The threat data creation and modification dates are relabelled as follows:

  • System Created Date: The date on which a threat data object was created in CTIX.

  • System Modified Date: The date on which a threat data object was modified in CTIX.

  • Source Created Date: The earliest date on which a threat data object was reported by a source.

  • Source Modified Date: The latest date on which a threat data object was modified by a source.

These dates are also included in the threat data filters and CQL to help filter and fetch specific threat data based on these criteria.

Stability and Performance Optimization

This release includes significant product stability and performance optimization improvements.

Bug Fixes

  • Included fixes for successfully exporting the list of subscribers in CTIX into a CSV file.

  • Included fixes for successfully exporting the "IOCs not available" CSV file while performing Bulk IOC Lookup.

  • Included fixes to correctly redirect the users to Threat Data from all widgets on the dashboard.

  • Included fixes to correctly list the IOCs received from one source and multiple collections under one source.

  • Included fixes to enable users to unsubscribe from the threat feeds after changing the polling frequency.

  • Included fixes for processing IPv6 IOC types in the application.

  • When CTIX receives intel from CSAP, the source of intel is now correctly marked as CSAP.

  • Included fixes to enable users to run rules and publish the same object received multiple times through Import Intel or Quick Add Intel.

  • Minor user navigation issues between widgets and threat data are resolved.

  • Minor fixes are included for the enrichment management module.

Deprecated Features

The following features are deprecated in the CTIX application from this release.

  • Support for sending data anonymously - The option to hide the sender's information from the collection's inbox, which lets users send data anonymously, is deprecated from Rules, Threat Mailbox, and Detailed Submission.

  • Support for Replace File - The Replace File option, which replaces an uploaded file in New > Import Intel while importing files into the CTIX application, is removed from the application.

  • Password and OTP Expiration in CTIX Spoke - While creating a new spoke, the Password link expire time (min) and OTP expire time (sec) options are removed. The email containing the username and password for the spoke admin will have a password expiration time of 24 hours.

  • Support for enriching a previously enriched IOC in hours - Users cannot specify a value in hours to enrich a previously enriched IOC. However, they can still specify a value in days.

  • Integration with Alexa Ranking - Integration with Alexa Ranking as an enrichment tool is removed from the CTIX application as Alexa Ranking no longer provides this functionality.