Release Notes 3.6.3.3
February 12, 2024
We are excited to introduce you to the latest version of Intel Exchange v3.6.3.3. This release includes new features, enhancements, and integrations.
Cyware Partners with Team Cymru (New)
Intel Exchange integrates seamlessly with Team Cymru to deliver enriched, actionable threat intelligence feeds to security teams. This integration transforms raw data from Team Cymru’s feeds, Botnet Analysis & Reporting Service (BARS), and Controller feeds, into high-value insights that are automatically correlated and can be operationalized in Intel Exchange.
Note
Contact your Intel Exchange Customer Success Manager or Cyware sales representative to get access to this feed.
To know more about the Cyware and Team Cymru partnership, see Cyware + Team Cymru | Technology Alliances for Threat Intelligence.
For technical documentation, see Team Cymru.
X (Twitter) Feed Source (New)
You can now integrate X (Twitter) as a feed source, allowing real-time monitoring of cyber threat intelligence. Stay updated on emerging threats, IOCs, and vulnerabilities from this dynamic social platform, all within Intel Exchange.
For more information, see X (Twitter) Feeds.
Detailed Submission (Enhanced)
Detailed Submission now includes the following enhancements:
The following STIX components are now available in Detailed Submission: Course of Action, Grouping, Incident, Intrusion Set, Malware Analysis, Observed Data, Opinion, Note, and Custom Object. This enhancement allows you to submit and curate a wider range of STIX threat data objects.
You can now specify Relation Type when linking primary and secondary objects, making it easier to define and understand the connections between different STIX components. This enhancement enables precise and detailed submissions of threat intelligence.
You can now add custom scores to all STIX components in Common Fields, which helps you prioritize the analysis and dissemination of threat intel.
For more information, see Detailed Submission.
Custom Attributes (Enhanced)
In Custom Entities Management, you can now add multi-select custom attributes, allowing for flexible categorization of threat data.
Certain custom attributes are now reserved and cannot be created or mapped to custom objects. This enhancement helps maintain data consistency and seamless interoperability.
For more information, see Custom Attributes.
Other Enhancements
While using the Import Intel option, the ingestion limit for IOCs in CSV files has been increased from 10,000 to 50,000 records. This enhancement allows for more efficient processing of larger datasets, improving scalability and performance. For more information, see Import Intel into Intel Exchange.
You can now create tasks in an unassigned state in Global Actions. This enhancement provides greater flexibility in task management, allowing you to assign tasks whenever required. For more information, see Global Tasks.
The Configuration module now allows you to enable email notifications for users outside Intel Exchange. This enhancement ensures broader communication and keeps relevant users informed about important platform updates. For more information, see Configure System Notifications.
Integrations (New)
The following integrations are introduced with this release:
API Feed Sources
Hunt.io: Hunt.io integrates with Intel Exchange to provide actionable threat intelligence by tracking malicious infrastructure across the internet. For more information, see Hunt.io.
VulnCheck Community: VulnCheck Community provides intelligence about known exploited vulnerabilities (KEV), enabling security analysts to make informed decisions to remediate vulnerabilities. This does not require a premium subscription to VulnCheck. For more information, see VulnCheck Community.
VulnCheck Premium: VulnCheck Premium allows you to retrieve feeds about vulnerabilities, threat actors, IP addresses, and malware. This feed source requires a premium subscription to VulnCheck. For more information, see VulnCheck Premium.
Enrichment Tools
Microsoft Defender Threat Intelligence: Microsoft Defender Threat Intelligence delivers critical insights into IPs, domains, and vulnerabilities that help you gain deeper context about cyber threats. For more information, see Microsoft Defender Threat Intelligence.
GreyNoise Community: GreyNoise Community enriches IPv4 addresses and vulnerabilities, enabling security analysts to filter out internet background noise and focus on real threats. This integration does not require a premium subscription to GreyNoise. For more information, see GreyNoise Community.
Internal Applications
Microsoft Defender for Endpoint: Microsoft Defender for Endpoint is a threat protection platform designed to safeguard enterprise networks by detecting, investigating, and mitigating security breaches efficiently. For more information, see Microsoft Defender for Endpoint.
Integrations (Enhanced)
The following integrations are enhanced with this release:
API Feed Sources
Dragos WorldView: This integration now retrieves threat data feeds related to industrial control systems (ICS) with improved performance. A new feed channel, Fetch Indicator Feeds, has been added, while the existing Fetch Product Feeds channel has been enhanced to include additional objects and relationships. For more information, see Dragos WorldView.
Mandiant Threat Intelligence: This integration is now completely overhauled for improved performance with expanded functionality. This update enhances all feed channels with additional object types, labels, custom attributes, and relation types. For more information, see Mandiant Threat Intelligence.
Enrichment Tools
GreyNoise: This integration provides intelligence about exploits and vulnerabilities, helping security analysts make informed decisions to remediate vulnerabilities. The enhancement improves overall performance. This feed source requires a premium subscription to GreyNoise. For more information, see GreyNoise.
VirusTotal V3: This integration is updated to VirusTotal V3, improving overall usage and threat intelligence capabilities by enhancing the analysis of IP addresses, URLs, file hashes, and domains. For more information, see VirusTotal V3.
Recorded Future: This integration now allows for more comprehensive vulnerability enrichment, with the introduction of additional fields such as custom attributes and key statistics for improved intelligence gathering. Additionally, two new scores, Base Score and Temporal Score, are now added to further enhance threat analysis. For more information, see Recorded Future.
Internal Applications
Microsoft Sentinel: This integration now supports the Create or Update (upsert) operation for indicators. If an indicator already exists in Microsoft Sentinel, it will be updated; otherwise, a new indicator will be created. For more information, see Microsoft Sentinel.
ArcSight: This release improves the stability and performance of the integration. Redundant authentication calls have been removed, and bulk object submission has been introduced, replacing the previous single-object payload for submit and update calls. For more information, see ArcSight ESM.