In today’s fast-moving threat landscape, your intelligence doesn’t always fit predefined categories. EclecticIQ Intelligence Center 3.6 gives you Custom objects, built on STIX’s extension capability, so you can capture and operationalize intelligence that goes beyond the standard object types.
When your intel outgrows standard STIX
Standard STIX object types don’t always capture the nuances of the data CTI teams work with. Tracking cryptocurrency wallets, mapping blockchain transactions, documenting forensic evidence, or monitoring suspicious financial activity often goes beyond what’s available out of the box.
Without flexibility, you’re forced into clumsy workarounds: cramming intel into the wrong type, leaving out important context, or scattering details across spreadsheets outside the platform. That slows investigations, weakens analysis, and creates gaps in decision-making - right when speed and accuracy matter most.
Our solution: Custom objects
Custom objects let you model intelligence the way you need to. Instead of bending your data to fit predefined categories, you create structures that reflect your threat landscape.
For example, you can capture the full details of a cryptocurrency wallet tied to ransomware, including blockchain type and transaction history, all linked back to STIX Threat Actors or Campaigns. Or you might document forensic evidence from a breach with attributes for chain of custody, analysis results, and storage locations. You might also define a custom type for credit card data linked to fraud campaigns, or model honeypot intelligence with fields for attacker behavior, payloads, and infrastructure. In one real-world case, a customer even captured individual events from their honeypot network, including key attributes like attacker IPs, allowing them to model intrusion activity over time and link it back to existing intelligence.
Whatever the use case, these custom objects are treated just like any other object in the platform, meaning you can search, correlate, visualize, and analyze them with the same powerful tools you already use. There’s no compromise when bringing custom data into your workflow: you decide exactly how intelligence is captured, organized, and linked for analysis.
Full list of supported capabilities
Data modeling & customization
- Define custom object types for your intelligence needs
- Create reusable attributes with strict data types (string, number, date, etc.)
- Set mandatory vs. optional fields
Workflow integration
- Use custom objects in automated rules and detection logic
- Link them to STIX entities for comprehensive analysis
- Apply TLP marking, MITRE ATT&CK mapping, and tagging
Operational efficiency
- Reuse attribute definitions across multiple objects for consistency
- Organize and filter custom data alongside standard intelligence entities
Data quality & governance
- Validate data quality through type checking and mandatory field enforcement
- Evolve object structures without breaking your existing data
- Maintain audit trails
- Control access with role-based permissions
Import, export & sharing
- Import custom objects directly into the platform
- Export in EIQ-JSON or CSV formats
- Choose which custom fields to include in CSV exports
Why it matters for you
✅ Model intel your way: You stay aligned with real-world investigations instead of bending your intel to fit standard STIX objects.
✅ Preserve context: Add the attributes, relationships, and metadata that give meaning to your intelligence, so nothing gets lost.
✅ Use your custom data everywhere: Use it in automations, investigations, reports, and visual graphs, just like any other data.
Ready to capture the full picture?
No more compromises. With Custom objects you shape the platform around your intelligence needs instead of reshaping your intelligence to fit the platform. Book a demo and discover how you can capture every detail, keep context intact, and move faster in your investigations.
