Maintenance release 3.7.1

Product	EclecticIQ Intelligence Center
Release version	3.7.1
Release date	April 2026
Time to upgrade	~40 minutes to upgrade an instance with 2.67 million entities, 1.85 million observables. From the previous release Using the installation script For an instance running on one machine
Time to migrate	For an instance with 2.67 million entities, 1.85 million observables: PostgreSQL migration: 13m30s Elasticsearch migration: 18m40s

Changed

• Maliciousness rating override for outgoing feeds Outgoing feed configuration now includes an option to override the maliciousness rating of observables at packaging time. When enabled, a fixed maliciousness value is applied to all observables exported by the feed.

Fixes

• Link creation with newly created observables Fixes an issue where creating a relation between a newly created observable and an existing entity would fail to create the link.

• Outgoing feed packing failure on Advanced CSV Observable feeds Fixes an issue where packing an Advanced CSV Observable outgoing feed based on a TAXII dataset would fail unexpectedly.

• Admin users can now delete protected workspaces Fixes an issue where workspaces flagged as protected could not be deleted, even by administrators. Admin users can now delete any workspace regardless of its protection status.

• Minor UI and interaction fixes for custom attribute creation Fixes several issues in the custom attribute and custom entity creation flow.

• First table cell border cannot be removed in reports Fixes an issue where the border on the first cell of a table in a report could not be removed, regardless of the styling settings applied. All table cell borders can now be removed consistently.

• Minor UI fixes Addresses minor typos and layout issues.

Known issues

Changes and Known issues with TAXII 2.1

Performance fixes for TAXII 2.1 in Intelligence Center 3.3.1 introduced changes and known issues to the TAXII 2.1 server.
For more information, see TAXII 2.1.

• Deleted Intelligence Requirements will still be linked to the Entities they matched.
  

• In Observable scoring, the Number of Sources parameter shows wrong count

• In Observable Risk Scores, the Number of Sources parameter shows wrong count The count includes all sources, even though it was intended to exclude Enrichment sources.
  

• Changing an Observable Risk Score policy will never result in the overall score of already scored Observables being lowered.
  

• If an Observable Risk Score parameter is empty but enabled, it is still included in the parameter count for thresholds.

• The Observable Risk Score preview only works if you’ve already saved the policy.
  

• Observable scores can be exported as both EIQ JSON and CSV, but not ingested into an Intelligence Center instance.
  

• In an Observable risk score policy, no warning is shown when a value in a parameter is assigned multiple Risk scores, even though this is not intended and results in an error.
  

• Assigning model to NLP to Lucene capability may take a few minutes
  

• Size limit for STIX 2.1 PDF attachment size does not apply for total size of the attachments, just to the size per attachment.
  

• Incoming and Outgoing feeds fail if any Observable value in them includes a string that matches a character forbidden in XML. The forbidden XML characters are U+FFFE, U+FFFF, and all UCS surrogates.
  

• Retention policies and Outgoing and Incoming feeds display the user’s timezone, but execute as if the entered time were in UTC.
  Treat any times set or encountered while configuring these feeds and policies as UTC.
  

• Relationships created through Graphs aren’t assigned the default TLP if the Source entity was also created on the graph.
  Be sure to assign the required TLP to the Relationship manually.
  

• When External references are hidden, the counts given for filters still include these references.
  External references are included in relational searches, but excluded from the Neighbourhood tab.
  

• In Search and browse, when using Bulk actions to create a new Indicator or Sighting entity and add the selected Observables it, only two hundred Observables are added.
  Be sure to portion out the Observables when using Bulk actions to add to an Indicator or Sighting entity.
  

• Data tables such as those on Observables’ Neighborhood tab can’t be sorted.
  
  

• Going to the Observables tab of an Entity, selecting Observables, and selecting Remove from Entity does not work.
  

Public API compatibility

EclecticIQ Intelligence Center 3.0 and newer uses Public API v2. It follows EclecticIQ Intelligence Center versioning scheme, e.g.,

• EclecticIQ Intelligence Center 3.0.2 is compatible with eclecticiq-extension-api==3.0.*,

• EclecticIQ Intelligence Center 3.1.0 is compatible with eclecticiq-extension-api==3.1.*, etc.

Download

For more information about setting up repositories, refer to the installation documentation for your target operating system.

EclecticIQ Intelligence Center and dependencies for Rocky Linux and RHEL	Platform packages: https://downloads.eclecticiq.com/platform-packages-centos/ Platform dependencies: https://downloads.eclecticiq.com/platform-dependencies-centos-2.9/ Note The Intelligence Center dependencies URL for versions 2.9 and later is https://downloads.eclecticiq.com/platform-dependencies-centos-2.9/. It contains packages that are incompatible with versions 2.8 and earlier.
EclecticIQ Intelligence Center extensions	Platform extensions: https://downloads.eclecticiq.com/Extensions/

Upgrade

See the following for upgrade instructions:

• Upgrade EclecticIQ Intelligence Center on Rocky Linux

• Upgrade EclecticIQ Intelligence Center on RHEL

In order to upgrade to EclecticIQ Intelligence Center 3.0 and later, you must, be running one of the supported operating systems See: - Rocky Linux’ documentation: * for migrating to Rocky Linux * for upgrading Rocky Linux - RHEL’s documentation: * for upgrading 7 > 8 * for upgrading 8 > 9