Maintenance release 3.6.1#
Product |
EclecticIQ Intelligence Center |
|---|---|
Release version |
3.6.1 |
Release date |
February 2026 |
Time to upgrade |
~40 minutes to upgrade an instance with 2.67 million entities, 1.85 million observables.
|
Time to migrate |
For an instance with 2.67 million entities, 1.85 million observables:
|
Changed#
Dashboard widget support for producer information
Dashboard widgets for Indicators now support additional fields: producer identity name (data.producer.identity.name), producer description (data.producer.description), and producer roles (data.producer.roles).
AI writing assistant now supports additional providers
AI writing assistant now supports additional providers.
KeyLines license upgrade
KeyLines graph visualization library has been upgraded to version 8.8.
Recursive subfolder processing for SFTP feeds
SFTP feeds now support automatic ingestion of files from subfolders. A new “Include subfolders” option allows you to specify the depth of subfolder scanning (1-3 levels), eliminating the need to create multiple feeds when source folder structures change.
Updated messages and notifications
Messages and notifications in emails and throughout the platform have been updated for improved clarity.
Fixes#
AI entity extraction error messages
Fixes an issue where AI entity extraction displayed a misleading error message. The system now displays clearer error messages with an option to view the system job for more details.
TLP dropdown visibility in report templates
Fixes an issue where the TLP dropdown menu was hidden when opened in the footer area of report template edit forms.
Date format locale support
Fixes an issue where date formats did not respect the user’s locale settings.
Page break lines in exported PDF reports
Fixes an issue where visible lines appeared at page break locations in exported PDF reports.
Deleting orphaned draft entities
Fixes an error that occurred when attempting to delete draft entities whose parent entity was missing.
Attack analysis metadata preservation
Fixes an issue where editing the name and description of an attack analysis would reset the UI metadata.
Entity deduplication phase issue
Fixes an issue during entity ingestion where packages without STIX IDs would fail with an error.
Threat actor type vocabulary support
Fixes an issue where the Threat Actor Type vocabulary was not properly applied to Threat Actor objects.
Dataset collection display
Fixes an issue where the dataset collection field displayed IDs instead of dataset names.
Various minor UI fixes
Known issues#
Changes and Known issues with TAXII 2.1
Performance fixes for TAXII 2.1 in Intelligence Center 3.3.1
introduced changes and known issues to the TAXII 2.1 server.
For more information, see TAXII 2.1.
Deleted Intelligence Requirements will still be linked to the Entities they matched.
In Observable scoring, the Number of Sources parameter shows wrong count
In Observable Risk Scores, the Number of Sources parameter shows wrong count The count includes all sources, even though it was intended to exclude Enrichment sources.
Changing an Observable Risk Score policy will never result in the overall score of already scored Observables being lowered.
If an Observable Risk Score parameter is empty but enabled, it is still included in the parameter count for thresholds.
The Observable Risk Score preview only works if you’ve already saved the policy.
Observable scores can be exported as both EIQ JSON and CSV, but not ingested into an Intelligence Center instance.
In an Observable risk score policy, no warning is shown when a value in a parameter is assigned multiple Risk scores, even though this is not intended and results in an error.
Assigning model to NLP to Lucene capability may take a few minutes
Size limit for STIX 2.1 PDF attachment size does not apply for total size of the attachments, just to the size per attachment.
Incoming and Outgoing feeds fail if any Observable value in them includes a string that matches a character forbidden in XML. The forbidden XML characters are
U+FFFE,U+FFFF, and all UCS surrogates.Retention policies and Outgoing and Incoming feeds display the user’s timezone, but execute as if the entered time were in UTC.
Treat any times set or encountered while configuring these feeds and policies as UTC.Relationships created through Graphs aren’t assigned the default TLP if the Source entity was also created on the graph.
Be sure to assign the required TLP to the Relationship manually.When External references are hidden, the counts given for filters still include these references.
External references are included in relational searches, but excluded from the Neighbourhood tab.In Search and browse, when using Bulk actions to create a new Indicator or Sighting entity and add the selected Observables it, only two hundred Observables are added.
Be sure to portion out the Observables when using Bulk actions to add to an Indicator or Sighting entity.Data tables such as those on Observables’ Neighborhood tab can’t be sorted.
Going to the Observables tab of an Entity, selecting Observables, and selecting Remove from Entity does not work.
Public API compatibility#
EclecticIQ Intelligence Center 3.0 and newer uses Public API v2. It follows EclecticIQ Intelligence Center versioning scheme, e.g.,
EclecticIQ Intelligence Center 3.0.2 is compatible with
eclecticiq-extension-api==3.0.*,EclecticIQ Intelligence Center 3.1.0 is compatible with
eclecticiq-extension-api==3.1.*, etc.
Download#
For more information about setting up repositories, refer to the installation documentation for your target operating system.
Upgrade#
The diagram below describes upgrade paths for EclecticIQ Intelligence Center. See the following for upgrade instructions:
In order to upgrade to EclecticIQ Intelligence Center 3.0, you must:
Be running one of the supported operating systems.
See Upgrade.
Upgrade from EclecticIQ Intelligence Center 2.14.
If you are running an older version of EclecticIQ Intelligence Center, you must upgrade to 2.14 before attempting to upgrade to EclecticIQ Intelligence Center 3.0.

Upgrade diagram#