Cyware Threat Intelligence eXchange

Release Notes 3.6.0

February 15, 2024

We are excited to introduce you to the latest version of Intel Exchange (CTIX) v3.6.0. This release includes new features, new integrations, and a few enhancements.

Cyware Threat Intel Crawler v2.0 (New)

The Chrome extension build of the Cyware Threat Intel Crawler v2.0 is now available on the Chrome Web Store for download. The key features include:

  • Improved efficacy, accuracy, and coverage for a wide range of domain objects using Artificial Intelligence. This enhancement improves data capture and analysis while driving optimum outcomes.

  • Support for additional file types including all valid website URLs, HTML-based paths, CSV, text, and web-hosted PDF file formats.

  • Advanced regular expressions for improved threat identification and accurate detection of fanged indicators of compromise (IOCs) and tactics, techniques, and procedures (TTPs), numbers.

  • Enhanced attack pattern detection to fend off cyber attacks efficiently and protect systems from potential threats.

  • Improved user experience with faster response time and improved user interface.

  • Enhanced security and confidentiality of data using robust security features and model constraints in the handoff between the plugin and Intel Exchange.

For more information, see Configure Cyware Threat Intel Crawler.

Spoke Management in Hub (Enhanced)

Spoke management has been enhanced to enable administrators to manage spokes from the hub instance. You can now perform the following activities to manage spokes in the hub:

  • Incorporate existing spokes into the hub 

  • Access spoke instances directly from the hub

  • Preview spoke details, such as license expiry, spoke URL, associated collections, and other utilization statistics

  • Add or remove associated collections

  • Decommission spokes

For more information, see Hub and Spoke.

Quick Add Intel (Enhanced)

You can now perform the following activities while creating intel using Quick Add Intel:

  • Edit the parsed STIX data objects or manually add new objects to ensure that the intel includes accurate and valid objects.

  • Add the observable category of indicators, such as mutex, account, and more, to create intel.

  • Preview the CSV file data and make necessary modifications before extracting objects to ensure the extraction of accurate objects.

  • In the parsed STIX data, identify the threat data objects that exist in the platform to prevent redundant ingestion of objects.

Quick Add Intel also includes the following enhancements:

  • Additional support for the ASN and Windows Registry Key object types.

  • Support for the short-hand version of IPv6 values.

  • The maximum number of threat data objects that can be added to create intel has been increased from 4000 to 5000.

  • The Apply Metadata to All Objects option is now enabled by default. This enhancement ensures that the objects created as part of Quick Add Intel submissions include some metadata, such as TLP, Confidence Score, and tags.

  • While importing threat data objects from a file, the default intel title is taken as the file name.

For more information, see Quick Add Intel.

Import Intel (Enhanced)

The Import Intel feature now incorporates the following enhancements:

  • Configuration-driven control to import intel from files that include partially valid data.

  • You can download the logs from the import intel history to view the details of partially created intel or failed intel creation.

  • Users will receive in-app notifications about the status of all intel imports.

  • To prevent erroneous selection of the collection for a file format, the default collection of the selected file format is automatically selected. For example, when you select the STIX 2.0 format, the Stix2 collection is automatically selected.

Note

The capability to import intel from PDF and free-text files is no longer available as of Intel Exchange v3.6.0. Instead, use Quick Add Intel to extract threat data objects from PDF and free-text files, and create intel.

For more information, see Import Intel into Intel Exchange.

Other Enhancements

  • To help you prioritize the analysis of related objects, the relationship table in the relationship details of threat data objects now supports the sorting of objects based on the created and modified dates in ascending and descending orders.

Integrations

The following integrations are enhanced with this release:

  • CrowdStrike (API Feed Source): The feed channels are enhanced to provide an option to retain the Confidence Score reported by CrowdStrike as the CTIX Confidence Score. For more information, see CrowdStrike.

  • Mandiant (API Feed Source): The enhancement in data mapping now ensures more accurate alignment with Intel Exchange. For example, the object ID now corresponds to the x_mandiant_id custom attribute, while the threat_score corresponds to the source Confidence Score in Intel Exchange. For more information, see Mandiant Threat Intelligence.