Cyware Threat Intelligence eXchange

Reversing Labs (Enrichment Tool): Intel Exchange integrates with Reversing Labs to enrich MD5, SHA1, and SHA256 hashes. This integration adds contextual information to seemingly isolated threat data, gives you visibility into threats, and makes the threat investigation faster. For more information, see ReversingLabs.

Administrators can now view the daily ingestion of threat data feeds in the platform in License Management.

Administrators can now create internal custom attributes to add organization-specific details to a threat data object in Administrator > Custom Entities Management. These custom attributes are solely created for internal usage and are never published to collections or shared with subscribers.

Read-only users now have permission to view the enrichment details of threat data objects.

Analysts can now use the Run Rule option for malware and vulnerability threat data objects In Threat Data and Threat Investigations.

Cyware Query Language (CQL) now extends support for IN and NOT IN operators for all CQL parameters.

Analysts can now view the threat data object associated with the newly created tasks in Global Task.

Intel Exchange has deprecated support for Anamoli Threatstream and Virus Total V2 integrations.

Intel Exchange has now deprecated support for the Feed Notification element while adding a STIX source in Administrator > Integration Management > FEED SOURCES > STIX.

Intel Exchange has now deprecated support for Vulnerability: Risk Severity and Course of Action elements from Basic Details In Main Menu > Threat Data.