Version history

Version 10.4.1 - February 2023

New: Added supporting changes for the Security Incident Response workspace.

Version 10.4.0 - November 202

• New:
  • Introducing a filter that allows running automated threat lookup on an observable only once within a configured duration. Any re-runs for the same observable will be skipped until the configured duration/period has passed.
  • Introducing a threat lookup finding calculator, which calculates the findings based on the responses received. For third-party integrations that provide the computed results, the threat lookup finding calculator maps the results to supported findings in the system.

Version 10.0.0 - March 2020

• Fixed:
  • Improved error handling of non existent observables.
  • Rate limiting the queries made to ThreatCrowd.
  • Description and Integration Configuration updates.

Version 5.0.12 - September 2019

• Fixed:
  • Improved error handling of nonexistent observables
  • Rate limiting the queries made to ThreatCrowd
  • Description and Integration Configuration updates

Version 1.0.0 - February 2018

• Supports threat intelligence lookups for URLs, IPs, hashes, and email addresses.
• After the application is configured, the workflow launches automatically, and Threat Crowd lookup execution and completion status is recorded in work notes on the Security Incident form.
• Observables can be looked up manually by adding them to the Security Incident form and launching workflows.
• Results display under the Threat Intelligence Results tab along with raw Threat Crowd lookup details.
• Supported observable types include:
  • IP address
  • URL
  • Domain
  • Email address
  • File hashes
  • Antivirus detections