Cyware Threat Intelligence eXchange

We have introduced read-only groups for administrators to manage users who want to view data without making changes. This improves collaboration among threat intelligence teams and makes sure everyone has access to the same information. For example, you can use a read-only group and allow users to view threat data, create private saved searches, and view ATT&CK navigator.

CTIX provides a default Read Only group with read-only permissions applied for specific components which can be updated by administrators. In addition to this, administrators can also create custom read-only groups and assign read-only permissions as required.

To learn more about read-only groups and users, see Read-Only User Groups.

CTIX supports JIT user onboarding through SAML authentication method. New users are automatically added to the platform when they login for the first time, provided that they are present in an identity provider database. Users who are onboarded to CTIX through JIT are assigned to the out-of-the-box Read Only group. The administrator can later move read-only users to other groups.

Administrators can now choose between two types of IDs for publishing threat data objects - the Threat Data ID or the Publishing ID. By default, CTIX uses Threat Data ID for publishing indicators.

You can choose an ID type that meets the requirements of your threat intel operations.

To learn more about this configuration, see Configure TAXII Preferences.

CTIX now offers context-sensitive help documentation for all its features. For example, when accessing the help documentation from the Threat Data module, the relevant help documentation regarding threat data will open automatically.