Release Notes 3.7.5 (Early Access)
July 30, 2025
We are excited to introduce you to the latest version of Intel Exchange v3.7.5.0. This release includes new features, enhancements, and integrations.
Cyware Sandbox New
Cyware Sandbox is a malware analysis environment that allows analysts to safely detonate and examine suspicious files or URLs in isolation. With Sandbox, you can uncover potential threats, enrich threat intelligence, and generate actionable indicators, all without risking infrastructure and network exposure.
Notice
Contact your Cyware sales or support representative to gain access to Cyware Sandbox.
You can perform the following actions using Cyware Sandbox:
Scan: Run lightweight scans to quickly detect known malware patterns or indicators and receive instant feedback.
Sandbox: Analyze files or URLs in a virtual environment to observe behavior, access detailed reports, and generate threat intelligence from the results.
For more information, see Cyware Sandbox.
Cyware Sectoral API Feeds New
Use Cyware Sectoral Feeds to receive daily threat intelligence tailored to your industry. Each feed provides relevant threat objects enriched with technical analysis to help you triage and respond faster. You can also enable dedicated ransomware and malware feeds to track high-risk threats across sectors.
Notice
Contact your Cyware sales or support representative to gain access to the feed.
As an analyst, you can perform the following actions:
Track sector-specific threats: Enable industry-specific feeds to reduce noise and prioritize indicators relevant to your environment.
Speed up investigations: Use enriched context for each indicator, including static and behavioral analysis, sandbox results, and related infrastructure.
Identify patterns across sectors: Leverage dedicated ransomware and malware feeds to monitor high-risk threats and spot broader trends beyond your sector.
For more information, see Cyware Sectoral Feeds.
Intel Operations (Cyware Orchestrate) New
Intel Operations is now natively available in Intel Exchange through integration with Orchestrate, bringing automation to your threat workflows. This feature helps you collect threat data from multiple sources, build dynamic response playbooks, and integrate across security tools to reduce response time and manual effort.
Notice
Contact your Cyware sales or support representative to gain access to Intel Operations.
You can perform the following actions in Orchestrate:
Automate Threat Intelligence Response: Create playbooks to automate common threat response tasks, reducing manual effort and response time.
Review Playbook Run Logs: Use run logs to view detailed records of playbook executions, monitor outcomes, and troubleshoot issues.
Cyware Advanced Threat Intel Crawler v3.0 New
With the latest version of Threat Intel Crawler, you can go beyond just scanning web pages or PDFs and extracting domain objects. You can also add metadata such as tags, descriptions, source details, and more directly from the browser to streamline intel creation and maintain consistency.
With this version, you can perform the following actions:
Extract Threat Data: Scan web pages or PDFs to extract threat objects (SDOs) and manually add any missing intel for completeness.
Enrich with Metadata: Add tags, descriptions, scores, and more to support deeper analysis and streamlined reporting.
Ingest or Export Intel: Push extracted threat data to Intel Exchange or download it as a structured CSV for easy sharing and further analysis.
For more information, see Browser Extension.
Tag Groups New
Intel Exchange now supports Tag Groups to help you organize and apply related tags more efficiently. Use them to maintain consistent tagging during ingestion, avoid conflicting tag combinations, and simplify tag management.
For more information, see Tag Groups.
Threat Data Enhanced
In Threat Data, the following enhancements are now available:
Custom Object Type: Filter threat data by custom object types to enable better organization, discovery, and analysis of ingested custom objects. For more information, see Search Filters.
Deprecates After: Use this field to define the valid until date for Indicator SDOs, helping automate deprecation and streamline lifecycle management across sources like STIX, API, Email, Webhooks, and Twitter (X). For more information, see STIX Sources.
Import Intel Enhanced
You can now upload multiple threat intel files simultaneously using drag-and-drop or file selection, making large-scale ingestion faster and easier. Additionally, you can assign them to specific collections during import, allowing you to keep your threat intel organized and contextually relevant.
For more information, see Import Intel into Intel Exchange.
Threat Investigation Canvas Enhanced
Threat Investigation Canvas now supports a broader set of actions and object types, enabling you to explore and manage threat data more efficiently.
With this update, you can perform the following actions:
Add Custom Object Nodes: Incorporate non-STIX-defined custom objects into the canvas, create relationships with other threat entities, and apply bulk actions. This allows deeper contextualization and improves investigation workflows. For more information, see Create Threat Investigations Canvas.
Perform Action on Multiple Nodes: Select multiple nodes to perform a single action such as enrichment (for indicators), tagging, marking for review, or initiating workflows. This enhancement aligns with the Threat Data module to ensure a consistent and efficient user experience. For more information, see Perform Action on Multiple Nodes.
Other Enhancements
In Custom Attributes and Custom Objects, you can now configure source-level visibility and deduplication. Additional columns for Attribute Source, Object Source, and Created By help improve traceability and support more precise filtering. For more information, see Custom Attributes.
In Import Intel, you can now perform bulk IOC lookups for up to 100,000 records in a single operation, making it easier to manage high-volume ingestion scenarios.
Intel Exchange now displays Attack Pattern objects in a consistent ID: Name format across all views. This improves clarity during investigation and ensures uniformity across filters, exports, and other workflows.
In Threat Mailbox, you can now ingest and analyze Outlook message files by uploading .msg files directly. This helps you process threat reports received over email without additional conversions. For more information, see Threat Mailbox.
During reingestion, Intel Exchange now appends values for multi-select custom attributes from different sources instead of overwriting them. This ensures that no contextual information is lost during ingestion.
In Tag Management, you can now use Privileged Access Tags with Restricted User Groups to control access to sensitive intel. This ensures only authorized users can view or act on threat data associated with these tags. For more information, see Tag Management.
Integrations
This release includes enhancements to an existing integration, improving functionality and expanding capabilities.
Enhanced
Domain Tools (Enrichment Tool): Now supports an updated configuration with separate parameters for Domain Enrichment Using and IP Enrichment Using. This enables precise dataset selection for each artifact type, improving enrichment accuracy and relevance. For more information, see DomainTools.