Maintenance release 3.7.2#
Product |
EclecticIQ Intelligence Center |
|---|---|
Release version |
3.7.2 |
Release date |
May 2026 |
Time to upgrade |
~40 minutes to upgrade an instance with 2.67 million entities, 1.85 million observables.
|
Time to migrate |
For an instance with 2.67 million entities, 1.85 million observables:
|
Changed#
Observable Maliciousness Resolution via Source Reliability
Extract rules now determine observable maliciousness based on source reliability hierarchy. When multiple sources report conflicting assessments, the platform applies rules from the highest-reliability source, ensuring consistent classifications regardless of ingestion order. Administrators can configure tie-break behavior for equal-reliability sources (most restrictive or most permissive) via the OBSERVABLE_MALICIOUSNESS_TIE_BREAK setting.
AI Content Generation Entity Linking
Fixed AI-generated Report entities to maintain proper relationships with the original entity selection that prompted generation. Reports now link directly to selected entities rather than only to common observables, improving discoverability and context within the graph.
Extract Rules Regex Optimization
Improved extract rule regex performance by switching to google-re2 non-backtracking regex engine for all user-provided regular expressions.
Fixes#
Public HTTP API Observable Handling
Fixed API-related errors in generation of empty and duplicate observable.
Intelligence Compass Requirement Fixes
Fixed Intelligence Requirement matching logic for unified entities in overview detail pane and column sorting persistence after updating records.
Bulk Tagging Operations
Fixed bulk add and remove tag operations to send all tags instead of only the first 10.
Entity Relationship Creation
Fixed issue where adding relationships to entities would break the application.
STIX Support Improvements
Fixed STIX label convention handling and added missing STIX 2.1 export option to graph context menu.
Dataset Workspace Field Requirement
Removed mandatory workspace field check for new dataset creation.
Threshold Type Validation
Fixed form error resulting from inactive entities threshold type validation.
Graph Node Opacity
Fixed graph node foreground opacity issue on entity selection.
IPv6 Address Validation
Adjusted IPv6 address regex validation to handle additional address formats.
Known issues#
Changes and Known issues with TAXII 2.1
Performance fixes for TAXII 2.1 in Intelligence Center 3.3.1
introduced changes and known issues to the TAXII 2.1 server.
For more information, see TAXII 2.1.
Deleted Intelligence Requirements will still be linked to the Entities they matched.
In Observable scoring, the Number of Sources parameter shows wrong count
In Observable Risk Scores, the Number of Sources parameter shows wrong count The count includes all sources, even though it was intended to exclude Enrichment sources.
Changing an Observable Risk Score policy will never result in the overall score of already scored Observables being lowered.
If an Observable Risk Score parameter is empty but enabled, it is still included in the parameter count for thresholds.
The Observable Risk Score preview only works if you’ve already saved the policy.
Observable scores can be exported as both EIQ JSON and CSV, but not ingested into an Intelligence Center instance.
In an Observable risk score policy, no warning is shown when a value in a parameter is assigned multiple Risk scores, even though this is not intended and results in an error.
Assigning model to NLP to Lucene capability may take a few minutes
Size limit for STIX 2.1 PDF attachment size does not apply for total size of the attachments, just to the size per attachment.
Incoming and Outgoing feeds fail if any Observable value in them includes a string that matches a character forbidden in XML. The forbidden XML characters are
U+FFFE,U+FFFF, and all UCS surrogates.Retention policies and Outgoing and Incoming feeds display the user’s timezone, but execute as if the entered time were in UTC.
Treat any times set or encountered while configuring these feeds and policies as UTC.Relationships created through Graphs aren’t assigned the default TLP if the Source entity was also created on the graph.
Be sure to assign the required TLP to the Relationship manually.When External references are hidden, the counts given for filters still include these references.
External references are included in relational searches, but excluded from the Neighbourhood tab.In Search and browse, when using Bulk actions to create a new Indicator or Sighting entity and add the selected Observables it, only two hundred Observables are added.
Be sure to portion out the Observables when using Bulk actions to add to an Indicator or Sighting entity.Data tables such as those on Observables’ Neighborhood tab can’t be sorted.
Going to the Observables tab of an Entity, selecting Observables, and selecting Remove from Entity does not work.
Public API compatibility#
EclecticIQ Intelligence Center 3.0 and newer uses Public API v2. It follows EclecticIQ Intelligence Center versioning scheme, e.g.,
EclecticIQ Intelligence Center 3.0.2 is compatible with
eclecticiq-extension-api==3.0.*,EclecticIQ Intelligence Center 3.1.0 is compatible with
eclecticiq-extension-api==3.1.*, etc.
Download#
For more information about setting up repositories, refer to the installation documentation for your target operating system.
EclecticIQ Intelligence Center and dependencies for Rocky Linux and RHEL |
|
|---|---|
EclecticIQ Intelligence Center extensions |
|
Upgrade#
See the following for upgrade instructions:
In order to upgrade to EclecticIQ Intelligence Center 3.0 and later, you must, be running one of the supported operating systems See: - Rocky Linux’ documentation: * for migrating to Rocky Linux * for upgrading Rocky Linux - RHEL’s documentation: * for upgrading 7 > 8 * for upgrading 8 > 9