Release Notes 3.4.0
June 16, 2023
We are excited to introduce you to the latest version of Cyware Threat Intelligence eXchange (CTIX) v3.4.0.
Revoke Intel New
Analysts can now revoke a published indicator if it is unintentionally published or is marked as a false-positive. After revoking an indicator, the platform re-publishes the indicator to all the published collections with the status conveying that the indicator is revoked.
Analysts can perform the following actions:
Revoke an indicator using Quick Actions.
Search for revoked indicators using filters and CQL queries.
View revoked indicator details in the Published Collections card.
If CTIX receives a revoked indicator from any source, the platform re-publishes the indicator to all the configured collections and resets the revoked status.
For more information, see Quick Actions and CTIX API Documentation.
Priority Polling for Feed Channels New
CTIX adds support for administrators to prioritize feed channels to quickly receive and action on the most relevant threat intel for your organization. This helps to accelerate the polling process for essential threat intel, thereby optimizing the overall time taken to act. The priority polling list supports a selected set of feed channels to avoid system overload.
For more information, see Configure General Settings.
Other Enhancements
Following are some enhancements introduced with CTIX v3.4.0 release:
Threat Data: CTIX adds support for analysts to view and filter threat intel using the Relation Created Date and Relation Modified Date parameters for a relationship in Threat Data.
Threat Defender Library: CTIX now supports validating a .doc file for creating a YARA rule using Threat Defender Library.
Float Input: CTIX now supports the ingestion of float data type value for Custom Objects. For example, while creating intel using Quick Add Intel and Detailed Submission, analysts can ingest values like 8.7 for CVSS scores.
Inbox Data to ISAC Sources: CTIX now supports inbox capabilities for ISAC sources, that is, you can now send data back to an ISAC source using Rules.
OpenAPI Enhancements
CTIX adds support for analysts to fetch details of indicators using the indicator ID and indicator value from the Bulk IOC Advanced Lookup OpenAPI endpoint.
For more information, see CTIX API Documentation.
Bug Fixes
Following are some bug fixes provided with the CTIX v3.4.0 release:
In Threat Data, the issue of loading a large volume of records per page is now set to a maximum of 50 records per page.
When creating intel in Threat Mailbox, the issue of auto-populating metadata for Observable threat data objects is now fixed.
The issue with the delay in generating Flashpoint and Mandiant reports is now fixed.
When creating intel using Quick Add Intel, the issue of adding multiple IOCs is now fixed by using breaks as a separator. For example:
1.21.3.48 www.sampleURL.com 56.12.4.2 www.CTIXsampleURL.com
Deprecated Elements
CTIX has deprecated support for Base Score and Overall Score from the Vulnerability object while defining conditions in Rules.