Cyware Threat Intelligence eXchange

Release Notes 3.5.2

January 29, 2024

We are excited to introduce you to the latest version of Intel Exchange (CTIX) v3.5.2. This release includes new features, new integrations, and a few enhancements.

Configure System Notifications (New)

Administrators can configure system notifications to receive timely in-app and email notifications about errors in feed sources, subscribers, and rules. This enables administrators to take proactive measures and prevent any disruptions in the platform.

For more information, see Configure System Notifications.

Add Custom Aliases (New)

In addition to the aliases received from feed sources for Threat Actors, Malware, Attack Patterns, Campaigns, Infrastructures, Intrusion Sets, and Tools, users can add custom aliases to the objects. This enhancement enables users to filter the threat data objects by custom aliases.

For more information, see Threat Data Objects.

Delete Objects (New)

Users can now delete any type of threat data object using bulk and quick actions, including published objects and objects with relationships. This enhancement helps users delete objects that do not need further analysis.

For more information, see Perform Bulk Actions on Threat Data and Quick Actions.

Receive Indicators from Slack Using Webhook (New)

Slack is available as an application to configure webhooks. This feature enables administrators to configure outgoing webhooks in Slack and receive indicators from Slack channels.

For more information, see Add New Webhook.

Export Relationship Details of Objects (New)

Users can export the details of the related objects of a threat data object in CSV format. This enhancement enables users to analyze the relationship details offline and share the details with users who do not have access to Intel Exchange.

For more information, see Export Threat Data Objects.

Remove Tags from Objects in Bulk (New)

Users can remove multiple tags from different threat data objects in one operation using the bulk actions in Threat Data. This enhancement helps users eliminate redundant efforts to remove tags from individual objects.

For more information, see Perform Bulk Actions on Threat Data.

Reports (Enhanced)

In addition to the once, daily, weekly, and monthly intervals, reports now support scheduling report generation at hourly intervals. This enhancement enables users to generate reports at intervals of a specified number of hours.

For more information, see Schedule Reports.

Rules (Enhanced)

  • New conditions named Source CVSSv2 Score and Source CVSSv3 Score are introduced to use with the Vulnerability intent type. These conditions enable users to run rules based on the CVSS scores of vulnerabilities.

  • The condition TAGS is now available to use with all intent types. This condition enables users to run rules based on the tags added to threat data objects.

Detailed Submission (Enhanced)

Users can now view the details of the creator and last modifier of a detailed submission for effective tracking.

For more information, see Manage Detailed Intel Submissions.

Integrations

The following integration has been newly introduced with this release:

  • Crowdstrike (Enrichment Tool): This integration has been newly introduced to enrich hashes to retrieve complete relationship details.

The following integrations are enhanced with this release:

  • MISP (API Feed Source):

    • The Retrieve MISP Events feed channel has been enhanced to allow filtering of feeds based on the sharing group and organization. For more information, see MISP.

    • You can also ingest NCFTA feeds using the MISP integration. For more information, see Retrieve NCFTA Feeds into Intel Exchange.

  • Crowdstrike (API Feed Source): The feed channels to retrieve SHA1, SHA256, and MD5 hash feeds are now merged with the Retrieve Hash Feeds channel. Administrators configure the channel to choose the hash type of the feed to be retrieved.

  • PhishLabs (API Feed Source): The Fetch ETI Feeds channel has been enhanced to ingest feeds related to indicators, such as emails, URLs, domains, and attachments.

  • Polyswarm (API Feed Source): The default base URL of the Polyswarm API feed source is updated from v2 to v3. The new default base URL is https://api.polyswarm.network/v3/stix.

  • RiskIQ (Enrichment Tool): This integration has been enhanced to retrieve additional details of threat data objects, such as classification (malicious or non-malicious), score, rules, and last seen.