We are excited to introduce you to the latest version of Intel Exchange (CTIX) v3.5.0. This release includes a new feature, a few integrations, and a few enhancements.
Analysts can add custom widgets to create custom dashboards and advanced reports using CQL-based saved searches.
For more information, see Dashboards and My First Dashboard: A Step-by-Step Tutorial.
The following integration is newly added with this release:
Reversing Labs (Enrichment Tool): Intel Exchange integrates with Reversing Labs to enrich MD5, SHA1, and SHA256 hashes. This integration adds contextual information to seemingly isolated threat data, gives you visibility into threats, and makes the threat investigation faster.
The following are a few enhancements introduced with this release:
Administrators can now view the daily ingestion of threat data feeds in the platform in License Management.
Administrators can now create internal custom attributes to add organization-specific details to a threat data object in Administrator > Custom Entities Management. These custom attributes are solely created for internal usage and are never published to collections or shared with subscribers.
Read-only users now have permission to view the enrichment details of threat data objects.
Analysts can now use the Run Rule option for malware and vulnerability threat data objects In Threat Data and Threat Investigations.
Cyware Query Language (CQL) now extends support for IN and NOT IN operators for all CQL parameters.
Analysts can now view the threat data object associated with the newly created tasks in Global Task.
The following are a few deprecations made with this release:
Intel Exchange has deprecated support for Anamoli Threatstream and Virus Total V2 integrations.
Intel Exchange has now deprecated support for the Feed Notification element while adding a STIX source in Administrator > Integration Management > FEED SOURCES > STIX.
Intel Exchange has now deprecated support for Vulnerability: Risk Severity and Course of Action elements from Basic Details In Main Menu > Threat Data.