diff --git a/CHANGES b/CHANGES
index fc5d4478a3..2d0b4e5659 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,4 +1,8 @@
+2.6-563 | 2019-07-03 01:57:40 -0700
+
+ * Fix CIF integration and add logging options to intel.log and added comments to code (sfinlon)
+
 2.6-558 | 2019-07-01 01:27:50 -0700
 * GH-443: fix uses of timestamp 0 in cluster diagnostic logs
diff --git a/VERSION b/VERSION
index 8acd744a9c..447199db43 100644
--- a/VERSION
+++ b/VERSION
@@ -1 +1 @@
-2.6-558
+2.6-563
diff --git a/doc b/doc
index 8048e7bbe3..d08f22cdf1 160000
--- a/doc
+++ b/doc
@@ -1 +1 @@
-Subproject commit 8048e7bbe37a4b6fea3625090e359c052f3a21cc
+Subproject commit d08f22cdf179f4dfd7a49076e384a794a0d51a57
diff --git a/scripts/policy/integration/collective-intel/main.zeek b/scripts/policy/integration/collective-intel/main.zeek
index fac86dd744..51b7202a33 100644
--- a/scripts/policy/integration/collective-intel/main.zeek
+++ b/scripts/policy/integration/collective-intel/main.zeek
@@ -1,15 +1,66 @@
-
 @load base/frameworks/intel
 module Intel;
-## These are some fields to add extended compatibility between Zeek and the
-## Collective Intelligence Framework.
-redef record Intel::MetaData += {
- ## Maps to the Impact field in the Collective Intelligence Framework.
- cif_impact: string &optional;
- ## Maps to the Severity field in the Collective Intelligence Framework.
- cif_severity: string &optional;
- ## Maps to the Confidence field in the Collective Intelligence Framework.
- cif_confidence: double &optional;
-};
+## This file adds mapping between the Collective Intelligence Framework (CIF) and Zeek.
+
+export {
+ redef record Intel::MetaData += {
+ ## Maps to the 'tags' fields in CIF
+ cif_tags: string &optional;
+ ## Maps to the 'confidence' field in CIF
+ cif_confidence: double &optional;
+ ## Maps to the 'source' field in CIF
+ cif_source: string &optional;
+ ## Maps to the 'description' field in CIF
+ cif_description: string &optional;
+ ## Maps to the 'firstseen' field in CIF
+ cif_firstseen: string &optional;
+ ## Maps to the 'lastseen' field in CIF
+ cif_lastseen: string &optional;
+ };
+
+ ## CIF record used for consistent formatting of CIF values.
+ type CIF: record {
+ ## CIF tags observations, examples for tags are ``botnet`` or ``exploit``.
+ tags: string &optional &log;
+ ## In CIF Confidence details the degree of certainty of a given observation.
+ confidence: double &optional &log;
+ ## Source given in CIF.
+ source: string &optional &log;
+ ## description given in CIF.
+ description: string &optional &log;
+ ## First time the source observed the behavior.
+ firstseen: string &optional &log;
+ ## Last time the source observed the behavior.
+ lastseen: string &optional &log;
+ };
+
+ redef record Info += {
+ cif: CIF &log &optional;
+ };
+
+}
+
+hook extend_match(info: Info, s: Seen, items: set[Item]) &priority=5
+ {
+ for ( item in items )
+ {
+ local tmp: CIF;
+
+ if ( item$meta?$cif_tags )
+ tmp$tags = item$meta$cif_tags;
+ if ( item$meta?$cif_confidence )
+ tmp$confidence = item$meta$cif_confidence;
+ if ( item$meta?$cif_source )
+ tmp$source = item$meta$cif_source;
+ if ( item$meta?$cif_description )
+ tmp$description = item$meta$cif_description;
+ if ( item$meta?$cif_firstseen )
+ tmp$firstseen = item$meta$cif_firstseen;
+ if ( item$meta?$cif_lastseen )
+ tmp$lastseen = item$meta$cif_lastseen;
+
+ info$cif = tmp;
+ }
+ }
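Review bot: In the new `extend_match` hook, `info$cif = tmp;` executes once per element of `items`, so when several Intel items match the same indicator each iteration overwrites the previous one and only the last item's tags, confidence and source reach intel.log — an analyst triaging the hit sees provenance for one feed entry although the match came from several. Either guard the assignment so the first populated record is kept, `if ( ! info?$cif ) info$cif = tmp;`, or, if every match matters, make the `CIF` fields set-valued and accumulate them across the loop. `tmp` is also assigned when the item carries none of the `cif_*` metadata, which logs an all-empty `cif` record; assigning only after at least one field was copied would keep the column unset for non-CIF items. Dropping `cif_impact` and `cif_severity` from `Intel::MetaData` may break feeds that still carry those columns, which deserves a NEWS note, though this hunk does not show how the loader treats unknown meta columns.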