Release 4.9 (July 2025)


HTML Similarity Content Search

In version 4.9, we launch HTML Similarity Content Search, a powerful one-step tool that unifies multiple API calls, making it easy to discover websites with matching HTML content.

Threat actors frequently reuse underlying templates across their campaigns. This tool supports template-based site detection: a threat analyst inputs a known malicious site's URL or ssdeep hash to identify other websites using the same template. Since these templates are often modified, analysts can also apply a percentage match filter to refine search results according to their specific requirements.

Users can also pivot directly from ssdeep hash values in web scan results to search for similar sites based on the HTML content.

Notification Center

Users can now receive notifications that deliver monitored event details as soon as results become available. A dedicated notification settings page lets users select their preferred delivery method: in-app notifications, email, or integration with Slack or Microsoft Teams channels. A notifications history section is also provided, where users can view and filter all past notifications.

Webhook Integration

As an extension of the Notification Center, we have introduced new ways to receive notifications through webhooks.

  • Integrate with Teams through our dedicated Teams Webhook.

  • Integrate with Slack and send notifications to your desired channels or chats.

  • Set up a custom webhook to receive notifications elsewhere.

Table View Option for Feeds and Exports

Our latest update enhances data feed management with an optional table view for data exports and feeds. Enterprise users can now perform faster, side-by-side comparisons of IOFA, organization, and user-added feeds. Toggle seamlessly between the existing card view and the new table view to enhance visibility, streamline management, and make more informed, data-driven decisions.

TAXII details in Automated Exports

The new TAXII tab consolidates all necessary details for accessing your exports via TAXII, including the TAXII server URL, collection ID, and credentials (available through Customer Success).

The update also enhances the Automate Export flow with:

  • Direct TAXII server URL displayed for each export.

  • Ready-to-use Bash script prefilled with the necessary credentials.

  • Python code snippet leveraging the TAXII client library for quick integration.

This makes it faster and simpler to automate, integrate, and access your IOFA and organization exports programmatically.

Domain TLD and IP Diversity Search & Filtering

We’ve introduced advanced search and filtering capabilities in the Feed Scanner. Analysts can now:

  • Filter by TLD (e.g., .de, .es, .uk) using domaininfo.zone, allowing rapid focus on country-specific threats.

  • Search by multiple ASNs within ip_diversity.asns, returning all relevant records—even when ASNs appear deep within arrays.

These improvements empower analysts to quickly triage and analyse threats relevant to their national infrastructure, improving the speed and accuracy of incident response.

Save To ability for Web Scanner

You can now save Web Scanner results directly to feeds or draft feeds, ensuring a consistent experience across all query result tables. Key highlights:

  • The Save To button has been added to Web Scanner results, aligning with the Explore table experience.

  • Smart field selection: Choose which field (domain, IP, or URL) to add, with options tailored to the table type.

  • Feed flexibility: Save to existing feeds or create new draft feeds, with built-in validation and permission checks.

  • Clear guidance: The modal confirms the selected feed and number of items saved, with a note that only the first 100 results can be saved per query.

This update streamlines threat hunting workflows, enabling faster curation and organization of critical findings for future action.

Created Date and Last Updated Date for feed

We’ve improved feeds to provide users with clear visibility into their availability and freshness, reducing confusion and enhancing workflow efficiency.

What’s new:

  • Creation & Last Updated Timestamps: Each feed now displays the date it was created and the date it was last updated, shown in your local time zone for convenience.

  • Unprocessed Feed Indicators: Feeds that are not yet processed now display “To Be Processed” instead of a timestamp.

This update ensures you always know when feeds are ready, helping you make faster, data-driven decisions without wasting time on unavailable feeds.