Company:
Date Published:
Author: Chema Martinez
Word count: 1193
Language: -
Hacker News points: None

Summary

Elastic has introduced a new Custom Threat Intelligence integration designed to streamline the ingestion of threat intelligence data in cybersecurity operations. This integration facilitates the conversion of Indicators of Compromise (IoCs) from the STIX 2.1 format into the Elastic Common Schema (ECS), allowing organizations to seamlessly incorporate threat data from various sources, such as STIX-compliant APIs, TAXII 2.1 servers, and even log files in air-gapped environments. Key features include automatic conversion of STIX data to ECS-compatible fields, the use of the Common Expression Language (CEL) for flexible API communication, and a built-in TAXII 2.1 client for easy data retrieval. Additionally, the integration supports visualizing threat data through an embedded dashboard and accommodates air-gapped environments by reading data from log files. This new capability aims to enhance the ability of cybersecurity teams to analyze and respond to threats by integrating diverse threat intelligence into Elastic's infrastructure.