TIS 1.9.4

The LogRhythm Threat Intelligence Service (TIS) and the LogRhythm Threat Intelligence Module work together to collect and analyze data published by reputable threat data providers to alert users to threats in their environments.

TIS 1.9.4 is a general availability (GA) release.

Release Notes

New Features

  • No features were added in this release.

Improvements

  • Customers can now select an endpoint region (base URL) for CrowdStrike queries. For more information about configuring your base URL, see Vendor Subscription Information.

  • TIS now supports parsing for the following:
    • Custom objects in STIX 2.0 feed files
    • Email threat indicators
    • Hash indicators in STIX 2.0 format files

Deprecated Features

  • Removed feeds for AutoShun and Malware Domains from the UI.

Resolved Issues

| Bug ID | Ticket Number | Found in Version | Release Notes |
|---|---|---|---|
| DE10399 | 372434 | 1.9.2 | TIS now supports parsing for custom objects in STIX 2.0 feed files. |
| DE11766 | 396373 | 1.9.3 | TIS now supports parsing for email threat indicators. |
| DE11767 | 395672 | 1.9.2 | TIS now supports parsing for hash indicators in STIX 2.0 format files. |
| DE11922 | 405816 | 1.9.3 | TIS now runs as expected regardless of a user's permissions. |
| DE11930 | 406790 | 1.9.3 | TIS feeds for AutoShun and Malware Domains were removed from the user interface (UI) because these threat analytics were shut off by the third-party provider. |
| DE11955 | 406334 | 1.9.3 | When collecting threat feed data from CrowdStrike, customers can now select an endpoint region (base URL) for their queries. Four regions are currently available: For more information about configuring your base URL, see Vendor Subscription Information. |
| DE12036 | 406334 | 1.9.3 | Added an additional verification check for a user's permissions on Indicators (Falcon X) API scope to ensure the CrowdStrike integration functions properly. |
| DE12049 | N/A | 1.9.3 | Updated rate limiting logic to add a delay between CrowdStrike API calls. |