Cyware Threat Intelligence eXchange

Release Notes 3.7.1 (Early Access)

April 8, 2025

We are excited to introduce you to the latest version of Intel Exchange v3.7.1.0 (EA). This is a limited-availability release that includes new features, enhancements, and bug fixes.

Traffic Light Protocol (TLP) Version 2.0 (New)

Intel Exchange now fully supports TLP version 2.0, in line with the latest data marking standards for threat intel. By default, all TLP 1.0 markings are automatically converted to TLP 2.0.

The platform's UI, dashboards, and rule conditions have been upgraded to reflect the new TLP 2.0 markings. Additionally, you can choose between TLP 1.0 and 2.0 for data export and third-party integrations, ensuring enhanced compliance and flexibility across the platform.

For more information, see Configure General Settings.

Sightings (New)

Intel Exchange now includes a feature to capture Sighting Relationship Objects (SROs) linked to threat data objects. The new Sightings tab offers detailed listings, including sources, first seen, last seen, and sighting count, enabling analysts to assess the object and its context directly within the Threat Data object details page.

For more information, see Sightings.

Automatic TLP Detection from Email Content (New)

Intel Exchange now features an advanced capability to automatically detect Traffic Light Protocol (TLP) markings from the email subject and body in the Threat Mailbox. While creating intel from emails, the detected TLP marking is automatically assigned to the intel, ensuring accurate and consistent data classification without the need for manual input.

For more information, see Create Intel from Threat Mailbox.

AI Assist (New)

AI Assist streamlines threat intelligence workflows by automating data extraction and analysis, reducing manual effort, and improving data accuracy. This enables faster threat identification and informed decision-making.

  • AI Assist-Enabled Parsing: Automates threat data extraction from ingested sources, minimizing input errors and ensuring consistency. This improves data processing speed and allows analysts to focus on high-priority tasks.

  • AI-Generated Analyst Descriptions: Uses AI to generate concise, context-aware summaries of threat data, ensuring uniform documentation and enabling faster, more reliable threat assessments.

For more information, see Generate Analyst Description using AI Assist.

X (Twitter) Feed Source (New)

Intel Exchange now supports X (Twitter) as a feed source. This helps you monitor and analyze real-time threat intel directly from X, capturing insights from a vast and dynamic source of data. 

For more information, see X (Twitter) Feeds.

TAXII Servers (Enhanced)

The TAXII Server settings in Intel Exchange are enhanced to include the following updates:

  • You can now configure limits on the number of API requests that subscribers make per minute, hour, and day. This update helps prevent potential server overloads and ensures compliance with the allocated API quota, maintaining stable performance and availability. For more information, see Configure TAXII Preferences.

  • You can now upload certificates from trusted certificate authorities to strengthen authentication for subscribers. This adds a layer of security, reducing the risk of unauthorized access. For more information, see Add Subscribers Manually in CTIX.

Rules (Enhanced)

The following actions are now supported while creating rules in Intel Exchange:

  • Create CFTR Incident: You can now configure rules to create incidents in CFTR from report objects, enabling automated incident generation based on the specified criteria.

  • Update Custom Score: You can now update the custom score values of objects using rules, allowing for the automatic adjustment of scores based on evolving threat intelligence.

For more information, see Automation Rules.

Threat Data (Enhanced)

The following enhancements are now available in Threat Data:

  • You can now export custom scores as part of custom attributes while exporting threat data objects, ensuring all relevant metrics are preserved for external analysis or reporting.

  • The Threat Data Timeline now displays the creator and source of objects, improving transparency in threat data management. For non-indicator objects, the timeline captures manual actions performed.

    Additionally, updates like TLP changes, privileged tags, and custom score adjustments are now logged, providing comprehensive tracking and accountability for all critical changes. These enhancements enable you to effectively review changes to threat data objects.

  • You can now revoke threat data objects identified as erroneous or outdated threat intelligence, ensuring that only accurate and relevant data is retained. This option is supported for all object types except custom objects, observables, and incidents. For more information, see Action on Threat Data Objects.

  • You can now redirect to the source Threat Investigation canvas directly from the Threat Data object details page, allowing for seamless access to the investigation context and facilitating efficient analysis.

  • The Actions Taken tab now features improved error handling for third-party actions with a new Status column. This column displays values such as Success, Failed, Timeout, and Unknown. It also includes detailed status codes and copyable JSON responses. Connection error notifications alert users to failures, enhancing troubleshooting and user experience.

  • Intel Exchange now supports the automatic conversion of Markdown to HTML in object descriptions, ensuring that detailed reports and IOCs from feed providers are displayed in a readable format. This enhancement improves the clarity and presentation of descriptions in the Basic Details tab.

Other Enhancements

  • In Rules, a new option, Trigger on Deprecate, automatically runs the configured action associated with a threat intel object after it is deprecated. This ensures that object data is up-to-date without manual effort.

  • Custom scores can now be disabled and hidden from the UI, search, and CQL. Disabled scores are no longer editable but can be re-enabled, restoring their visibility and associations with historical threat data. Additionally, audit logs now capture custom score activities, including status changes. For more information, see Configure Custom Scores.

  • While creating intel from RSS feeds, the source description of the intel now includes a link to the source RSS article, ensuring easy access to the original content.

  • In Threat Investigations, you can now enrich a node using multiple enrichment tools, enhancing the overall user experience.