Cyware Threat Intelligence eXchange

Improved efficacy, accuracy, and coverage for a wide range of domain objects using Artificial Intelligence. This enhancement improves data capture and analysis while driving optimum outcomes.

Support for additional file types including all valid website URLs, HTML-based paths, CSV, text, and web-hosted PDF file formats.

Advanced regular expressions for improved threat identification and accurate detection of fanged indicators of compromise (IOCs) and tactics, techniques, and procedures (TTPs), numbers.

Enhanced attack pattern detection to fend off cyber attacks efficiently and protect systems from potential threats.

Improved user experience with faster response time and improved user interface.

Enhanced security and confidentiality of data using robust security features and model constraints in the handoff between the plugin and Intel Exchange.

Incorporate existing spokes into the hub 

Access spoke instances directly from the hub

Preview spoke details, such as license expiry, spoke URL, associated collections, and other utilization statistics

Add or remove associated collections

Decommission spokes

Edit the parsed STIX data objects or manually add new objects to ensure that the intel includes accurate and valid objects.

Add the observable category of indicators, such as mutex, account, and more, to create intel.

Preview the CSV file data and make necessary modifications before extracting objects to ensure the extraction of accurate objects.

In the parsed STIX data, identify the threat data objects that exist in the platform to prevent redundant ingestion of objects.

Additional support for the ASN and Windows Registry Key object types.

Support for the short-hand version of IPv6 values.

The maximum number of threat data objects that can be added to create intel has been increased from 4000 to 5000.

Apply Metadata to All Objects option is now enabled by default. This enhancement ensures that the objects that are created as part of the quick add intel submissions include some metadata, such as TLP, Confidence Score, and tags.

While importing threat data objects from a file, the default intel title is taken as the file name.

Configuration-driven control to import intel from files that include partially valid data.

You can download the logs from the import intel history to view the details of partially created intel or failed intel creation.

Users will receive in-app notifications about the status of all intel imports.

To prevent erroneous selection of the collection for a file format, the default collection of the selected file format is automatically selected. For example, when you select the STIX 2.0 format, the Stix2 collection is automatically selected.

To help you prioritize the analysis of related objects, the relationship table in the relationship details of threat data objects now supports the sorting of objects based on the created and modified dates in ascending and descending orders.

CrowdStrike (API Feed Source): The feed channels are enhanced to provide an option to retain the Confidence Score reported by CrowdStrike as the CTIX Confidence Score. For more information, see CrowdStrike.

Mandiant (API Feed Source): The enhancement in data mapping now ensures more accurate alignment with Intel Exchange. For example, the object ID now corresponds to the x_mandiant_id custom attribute, while the threat_score corresponds to the source Confidence Score in Intel Exchange. For more information, see Mandiant Threat Intelligence.