--- title: "CAL 3.15 Release Notes | ThreatConnect" slug: "cal-3-15-release-notes" description: "This article provides the CAL 3.15 release notes." updated: 2026-03-24T14:53:54Z published: 2026-03-24T14:53:54Z --- > ## Documentation Index > Fetch the complete documentation index at: https://knowledge.threatconnect.com/llms.txt > Use this file to discover all available pages before exploring further. # CAL 3.15 Release Notes The CAL™ 3.15 release introduces improvements to the CAL Automated Threat Library (ATL) and expanded AI-based MITRE ATT&CK® classification coverage. These updates improve the quality of intelligence extracted from reports and expand the sources analysts can use for threat monitoring. ## CAL Automated Threat Library (ATL) Updates The **[CAL Automated Threat Library](https://knowledge.threatconnect.com/docs/cal-automated-threat-library-atl)** Source has been significantly enhanced to improve the quality, reliability, and timeliness of threat intelligence derived from cybersecurity blogs and reports: - [Over 120 of the best blog and report sources](https://knowledge.threatconnect.com/docs/cal-automated-threat-library-atl-supported-blogs)—including CERTs, government agencies, security research organizations, industry vendors, and security news—now power CAL ATL intelligence. These sources include the following: - 46 new blog and report sources - Reactivated blog and report sources: - 360 Netlab Blog - Check Point Research - CrowdStrike (formerly CrowdStrike Blog) - Dark Reading - Flashpoint - Internet Crime Complaint Center (IC3) - RedPacket Security (formerly Red Packet Security Pikabot C2, Red Packet Security Ransomware Feed, and Red Packet Security Posh C2) - Security Week - Splunk (formerly Splunk Threat Research Team) - The DFIR Report - The Digest (Crypto-Ransomware) (formerly ID Ransomware) - VIPRE Labs (formerly VIPRE Labs Blog) - Blog and report sources are now updated **hourly**, allowing new threat intelligence to be added to ThreatConnect® faster. - Improved handling of blog links reduces false positives when extracting Indicators of Compromise (IoCs). - Tags for CAL ATL Reports now more accurately reflect source metadata, improving filtering, search, and intelligence requirement (IR) matching. See *[Prepare for CAL ATL Changes in CAL 3.15 Release](https://knowledge.threatconnect.com/docs/prepare-for-cal-atl-changes-in-cal-3-15-release)* for details on Tag updates in this release. ## MITRE ATT&CK AI Classification Update ThreatConnect’s [AI-based MITRE ATT&CK classification](https://knowledge.threatconnect.com/docs/mitre-attack-ai-classification-in-threatconnect) capabilities have been expanded to identify **642 techniques and sub-techniques**, an increase from **608** in previous releases. This improvement enables ThreatConnect to identify approximately **93% of MITRE ATT&CK techniques and sub-techniques** through implicit references in threat reports. These updates will improve analyst workflows in the following ways: - Identify Tactics, Techniques, and Procedures (TTPs) not explicitly called out in reports. - Identify four times the number of MITRE ATT&CK tactics and techniques identified by traditional matching methods. - Prioritize the most essential reports, based on identified TTPs. - Save time by removing irrelevant content from queries and IRs. - Support more informed visual exploration in ThreatConnect’s [ATT&CK Visualizer](https://knowledge.threatconnect.com/docs/attack-visualizer) and [Threat Graph](https://knowledge.threatconnect.com/docs/threat-graph) features. ## Other Updates - CAL ATL now recognizes more name variations for MITRE ATT&CK tactics. This change empowers the **Pivot with CAL** option in Threat Graph to include more MITRE ATT&CK tactics. - [CAL Doc Analysis Service](https://knowledge.threatconnect.com/docs/cal-doc-analysis-service)improvements: - Alias extraction now includes additional capitalization variations to improve identification of Intrusion Sets and their aliases, tools, software, and other entities. - Indicator extraction now includes additional Autonomous System (AS) formats. - New obfuscation extraction options have been added. - The description of CAL ATL Reports on the **Details** screen has been reformatted to a more streamlined look and reduction of false positives from inline links. This change also includes the movement of all image content to the end of the description. --- *ThreatConnect® is a registered trademark, and CAL™ is a trademark, of ThreatConnect, Inc. MITRE ATT&CK® and ATT&CK® are registered trademarks of The MITRE Corporation.* ## Related - [Prepare for CAL ATL Changes in CAL 3.15 Release](/prepare-for-cal-atl-changes-in-cal-3-15-release.md) - [CAL Automated Threat Library (ATL) Supported Blogs](/cal-automated-threat-library-atl-supported-blogs.md)