
Cyware Threat Intelligence eXchange

Release Notes 3.5.1

November 2, 2023

We are excited to introduce you to the latest version of Intel Exchange (CTIX) v3.5.1. This release includes new features, new integrations, and a few enhancements.

Add and Edit Objects while Creating Intel (New)

Intel Exchange now supports creating new threat data objects while you create intel from RSS feeds, Threat Mailbox, and Sandbox. This is useful when the platform fails to parse specific items during feed scanning. You can establish a new object type or choose from existing parsed object types to introduce a new one.

For more information, see Create Intel from RSS Feeds, Create Intel from Threat Mailbox, and Create Intel from Sandbox.

Subscriber Management (New)

Subscriber Management enables administrators to easily monitor:

  • The list of subscribers configured in Intel Exchange

  • The list of active and inactive polling subscribers

  • The list of active and inactive inboxing subscribers

For more information, see Subscribers.

Just-in-Time Provisioning and SAML Group Authorization (New)

The SAML Single Sign-On (SSO) feature in Intel Exchange now offers a more streamlined user provisioning and authorization process by leveraging identity provider (IdP) applications such as Okta. This feature enables administrators to seamlessly grant access to new users and ensure that the existing users are authorized with the appropriate permissions when the users sign in to the application.

Administrators can map the SAML group names to the user groups of Intel Exchange. The Intel Exchange user group matches the IdP user group to grant users the appropriate access.


Note

Upgrade Note: If you are currently using SAML for authentication and wish to set up group-based authorization, after upgrading to Intel Exchange v3.5.1 you must first map the SAML group names with the corresponding Intel Exchange user groups. Intel Exchange is set to use a default group attribute value, which is memberOf, and expects the SAML assertion response to contain the value of memberOf for the group attribute. If you are using a different group attribute value, you can change it in the SAML configuration.

For more information, see Configure SAML 2.0 as the Authentication Method, Create User Group, and Create User.
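A pre-upgrade check for the group attribute described in the upgrade note, as an added example that is not Cyware's code: it inspects a captured SAML assertion for the `memberOf` attribute and reports which group values have a mapping. The sample assertion, the IdP group names, and the mapping table are constructed for illustration, and the script does not verify the assertion signature.

```python
import xml.etree.ElementTree as ET

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample assertion (unsigned, trimmed to the attribute statement).
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:AttributeStatement>
    <saml:Attribute Name="email">
      <saml:AttributeValue>analyst@example.com</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="memberOf">
      <saml:AttributeValue>idp-ctix-analysts</saml:AttributeValue>
      <saml:AttributeValue>idp-all-staff</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""

# Hypothetical mapping of SAML group names to Intel Exchange user groups.
GROUP_MAP = {"idp-ctix-analysts": "Analysts", "idp-ctix-admins": "Administrators"}


def group_values(assertion_xml, group_attribute="memberOf"):
    """Return the group attribute's values, or None if the attribute is absent."""
    root = ET.fromstring(assertion_xml)
    values = None
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", SAML_NS):
        if attr.get("Name") == group_attribute:  # exact, case-sensitive match
            values = values or []
            for val in attr.iterfind("saml:AttributeValue", SAML_NS):
                if val.text and val.text.strip():
                    values.append(val.text.strip())
    return values


def check_assertion(assertion_xml, group_map, group_attribute="memberOf"):
    """Report whether the assertion would resolve to at least one mapped user group."""
    values = group_values(assertion_xml, group_attribute)
    if values is None:
        return {"status": "missing_attribute", "mapped": [], "unmapped": []}
    mapped = sorted({group_map[v] for v in values if v in group_map})
    unmapped = sorted(v for v in values if v not in group_map)
    status = "ok" if mapped else "no_mapped_group"
    return {"status": status, "mapped": mapped, "unmapped": unmapped}


if __name__ == "__main__":
    print(check_assertion(SAMPLE_ASSERTION, GROUP_MAP))
```

A `missing_attribute` result means the IdP is not sending the expected group attribute, so either the IdP attribute statement or the group attribute value in the SAML configuration needs to change before group-based authorization is enabled.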

Integrations

The following integrations are newly introduced or enhanced with this release:

  • CrowdStrike EDR (Internal Application: Endpoint Detection Response): This integration provides actions to upload and delete indicators from the CrowdStrike EDR application. For more information, see CrowdStrike EDR.

Other Enhancements

The following are a few enhancements introduced with this release:

  • To reduce redundant efforts spent on reviewing RSS and Threat Mailbox feeds by multiple analysts, Intel Exchange now offers the capability to mark these feeds as reviewed.

  • For parallel analysis of multiple threat data objects, Intel Exchange now empowers you to open individual threat data objects in new browser tabs.

  • The ISAC module under Administration > Integration Management > Feed Sources is now renamed as Information Sharing. This change aims to accommodate not only ISAC but also other information authorities, such as CERT authorities.