Threat Intelligence Service
TIS 1.9.7
The LogRhythm Threat Intelligence Service (TIS) and the LogRhythm Threat Intelligence Module work together to collect and analyze data published by reputable threat data providers to alert users to threats in their environments.
TIS 1.9.7 is a general availability (GA) release.
Release Notes
New Features
Added Support for TAXII 2.0:
Pagination is implemented via multiple requests using `Range` headers and the `added_after` filter to ensure only recent and relevant data is ingested.
Added Support for TAXII 2.1:
Pagination follows the TAXII 2.1 specification, using the `next` link and `hasMore` flag to manage feed retrieval.
A new configuration setting, `MaxRecordsToFetch`, allows users to control the maximum number of STIX objects ingested per session (capped at 100,000).
UI-level enhancement introduces a “Fetch Feeds Added After” date filter for V2 providers, with validation to ensure data stays within the configured retention window.
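The sketch below is an added example, not LogRhythm code: a TAXII 2.1 paging loop that sends `added_after`, follows the envelope's `more` and `next` fields from the TAXII 2.1 specification, and stops at a record limit modeled on `MaxRecordsToFetch`. The names `fetch_feed`, `get_page`, `fake_server` and `looping_server` are hypothetical, and the feed pages are constructed sample data.

```python
from typing import Callable, Dict, List, Optional

HARD_CAP = 100_000  # upper bound on MaxRecordsToFetch stated in the release notes


def fetch_feed(get_page: Callable[[Dict[str, str]], dict],
               added_after: str, max_records: int) -> List[dict]:
    """Collect STIX objects page by page, never exceeding the record limit."""
    limit = max(0, min(max_records, HARD_CAP))
    collected: List[dict] = []
    seen_tokens = set()
    next_token: Optional[str] = None
    while len(collected) < limit:
        params = {"added_after": added_after}
        if next_token is not None:
            params["next"] = next_token
        envelope = get_page(params)  # assumption: returns the parsed JSON envelope
        objects = envelope.get("objects", [])
        collected.extend(objects[: limit - len(collected)])
        next_token = envelope.get("next")
        # Stop on the last page, on a missing token, or on a repeated token,
        # so a misbehaving feed cannot keep the session paging forever.
        if not envelope.get("more") or not next_token or next_token in seen_tokens:
            break
        seen_tokens.add(next_token)
    return collected


# Constructed sample feed: three pages keyed by the token that requests them.
_PAGES = {
    None: {"more": True, "next": "p2", "objects": [{"id": f"obj-{i}"} for i in range(3)]},
    "p2": {"more": True, "next": "p3", "objects": [{"id": f"obj-{i}"} for i in range(3, 6)]},
    "p3": {"more": False, "objects": [{"id": "obj-6"}]},
}


def fake_server(params: Dict[str, str]) -> dict:
    """Well-behaved constructed server: returns the page for the given token."""
    return _PAGES[params.get("next")]


def looping_server(params: Dict[str, str]) -> dict:
    """Misbehaving constructed server: always claims more data, same token."""
    return {"more": True, "next": "same", "objects": [{"id": "obj-x"}]}


if __name__ == "__main__":
    print(len(fetch_feed(fake_server, "2024-01-01T00:00:00Z", 4)))
```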
Improvements
The system handles large datasets without memory/time-out issues.
Deprecated Features
HailaTAXII has been removed because the service is no longer online.
Resolved Issues
Bug ID | Release Notes |
---|---|
ENG-58200 | An issue with TIS sync not working as expected due to TAXII 2.0 not correctly sending headers has been resolved in this release by introducing new TAXII 2.0 support features. |
ENG-63553 | An issue with creating a custom TAXII 2.0 feed that would result in an HTTP 406 error in certain situations has been resolved in this release by introducing new TAXII 2.0 support features. |
Resolved Issues - Security
Security-related issues resolved with this release are available for customers to view on the Community.