
Cyware Threat Intelligence eXchange

Release Notes 3.3.1

We are excited to introduce you to the latest version of Cyware Threat Intelligence Exchange v3.3.1. This release comes with new integrations, a few enhancements, and minor bug fixes.

New Integrations

API Feed Integrations

CTIX continues to add feed integrations from a range of threat intel providers so that analysts can access relevant, timely intel and act on it.

The following new feed integrations are included in this release:

  • Feedly: Integrate Feedly threat intel with CTIX to receive IPs, URLs, hashes, and domains, and to monitor exploitable vulnerabilities.

  • Cybersixgill: Integrate Cybersixgill threat intel in CTIX to access, automate, and operationalize the dark feed and Dynamic Vulnerability Exploit (DVE) threat intel coming from Cybersixgill.

  • National Vulnerability Database (NVD): Integrate NVD threat intel in CTIX to enable security analysts to fetch Common Vulnerabilities and Exposures (CVEs) and Known Exploited Vulnerabilities (KEVs).

Enhancements

CQL Keyboard Shortcuts

In CTIX, analysts can use the following keyboard shortcuts to copy a CQL query in Open API format, so that it can be pasted into an Open API client to fetch the same results:

  • MacOS Environment: Command + Shift + C

  • Windows Environment: Windows + Shift + C

The following screen shows the CQL query in CTIX:

[Screenshot: CTIX_CQL_KeyboardShortcut_331.png]

The following screen shows the copied CQL query pasted into the Open API environment to fetch results:

[Screenshot: CQL_Keyboard_Shortcut.png]

Open API

  • Ingest IOCs using IOC lookup: Previously, an IOC lookup only returned details of indicators that already existed in the platform. Analysts can now also ingest indicators, up to 1000 per request, using the bulk-lookup-and-create API endpoint. If an IOC is not present in the platform and ingestion is requested, CTIX creates a new record for it and attaches the created_using_openapi_lookup tag. Searching Threat Data for that tag identifies every indicator that was created during a lookup rather than through a curated feed, which is useful when reviewing what an API caller has introduced.

  • Define source details while creating intel: Previously, intel created through the Open API was recorded with Open API as its source. Analysts can now specify a source name and a source collection when creating intel through the Open API. The created intel is available in Threat Data. This allows analysts to:

    • Filter and search for the data using the respective source name and collection in Threat Data.

    • Group the created intel in a defined collection, and correlate it with other threat data objects coming from a defined source.
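The two Open API changes above are easiest to reason about with a small batching client. The following is an added example, not Cyware's code: the endpoint name, the 1000-indicator cap and the created_using_openapi_lookup tag come from these release notes, but the request and response field names (indicators, create_if_missing, source_name, source_collection, results, tags), the fake_ctix_post stub and all sample indicators are assumptions constructed for illustration and must be checked against the CTIX Open API documentation. The post argument is whatever callable performs the authenticated HTTP request; authentication is deliberately left out.

```python
"""Batch IOC lookup-and-create against the CTIX Open API (added example).

Documented facts used here: the bulk-lookup-and-create endpoint, the cap of
1000 indicators per request, and the created_using_openapi_lookup tag.
Everything about the request/response schema is an ASSUMPTION.
"""
from typing import Callable, Iterable

BULK_LIMIT = 1000                              # documented per-request cap
CREATED_TAG = "created_using_openapi_lookup"   # documented tag on new records
ENDPOINT = "bulk-lookup-and-create"            # documented endpoint name


def chunk(items: list, size: int = BULK_LIMIT) -> list:
    """Split a list into consecutive batches no larger than `size`."""
    if size < 1:
        raise ValueError("batch size must be positive")
    return [items[i:i + size] for i in range(0, len(items), size)]


def build_payload(batch, create_missing=True, source_name=None,
                  source_collection=None) -> dict:
    """Assumed request body for the endpoint; field names are illustrative."""
    payload = {"indicators": list(batch), "create_if_missing": create_missing}
    if source_name:                 # optional source details (release note 2)
        payload["source_name"] = source_name
    if source_collection:
        payload["source_collection"] = source_collection
    return payload


def bulk_lookup_and_create(iocs: Iterable[str], post: Callable[[dict], dict],
                           **opts) -> dict:
    """Dedupe, batch under the cap, send each batch through `post`, and
    partition the returned records into pre-existing vs newly created ones
    using the created_using_openapi_lookup tag."""
    unique = list(dict.fromkeys(i.strip() for i in iocs if i.strip()))
    existing, created, requests = [], [], 0
    for batch in chunk(unique):
        assert len(batch) <= BULK_LIMIT   # never exceed the documented cap
        resp = post(build_payload(batch, **opts))
        requests += 1
        for rec in resp.get("results", []):
            target = created if CREATED_TAG in rec.get("tags", []) else existing
            target.append(rec)
    return {"requests": requests, "existing": existing, "created": created}


def fake_ctix_post(known=frozenset({"198.51.100.7"})) -> Callable[[dict], dict]:
    """Constructed offline stand-in for the HTTP call. Indicators the platform
    already 'knows' come back untagged; unknown ones are created and tagged,
    mirroring the behaviour the release notes describe."""
    def post(payload: dict) -> dict:
        results = []
        for value in payload["indicators"]:
            rec = {"value": value, "tags": []}
            if value not in known and payload["create_if_missing"]:
                rec["tags"].append(CREATED_TAG)
            results.append(rec)
        return {"results": results}
    return post


def demo() -> dict:
    """Constructed input: one IOC the stub knows plus 2500 new domains,
    which must be sent as three requests (1000 + 1000 + 501)."""
    iocs = ["198.51.100.7"] + [f"c2-{i}.invalid" for i in range(2500)]
    return bulk_lookup_and_create(iocs, post=fake_ctix_post(),
                                  source_name="sandbox-detonations")


if __name__ == "__main__":
    r = demo()
    print(f"requests={r['requests']} existing={len(r['existing'])} "
          f"created={len(r['created'])}")
```

Replacing fake_ctix_post with a real transport is the only change needed to use this against a live instance; the batching and the tag-based split stay the same. Reviewing the created list before relying on it is worthwhile, since those records entered Threat Data from an API caller rather than from a vetted feed.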

Procedure and Detection Details in ATT&CK Navigator

Analysts can view procedures and detection details related to specific techniques and sub-techniques in ATT&CK Navigator.

This allows analysts to:

  • Review the procedures (the concrete ways adversaries have carried out a technique) to understand attacker behaviour before and after a breach.

  • Review the detection details for a technique and record the detection and response methods your organization uses against it.

  • Map observed attack patterns to specific MITRE ATT&CK techniques and sub-techniques.

[Screenshot: CTIX_AttackNavigator_331.png]

Renamed Features

The following configuration is renamed in the CTIX application for better clarity:

In Configuration > General Settings, the configuration Enrich a previously enriched IOC again after is renamed to IOC Enrichment Validity.

Bug Fixes

  • The connection error faced during the bidirectional sharing of threat intel between CTIX and CSAP is now fixed.

  • The issue faced while sending SDOs as reports from CTIX to CSAP is now resolved.

  • The accuracy of search results for tags is improved.

  • Error handling capabilities of the platform are improved.

  • The issue with the categorization of threat data elements based on the enrichment status is now fixed.

  • The issue with the visibility of tags added using rules on the threat data listing page is fixed.