Skip to main content

Cyware Threat Intelligence eXchange

Configure TAXII Preferences

To configure your TAXII URL preferences, click Edit and do the following settings:

  • STIX Type: Select the required format for publishing threat intel from CTIX. CTIX supports STIX 1.1.1, STIX 1.2, STIX 2.0, STIX 2.1, and MISP formats for publishing threat intel. By default, it publishes the threat intel in the STIX 2.1 format. For more information about the scenarios that can occur when enabling multiple formats for publishing, see Configuration.

  • STIX Version for TAXII Server 1.x: Select a default STIX binding format for your TAXII 1.x server. CTIX subscribers receive the threat intel feeds in the selected binding format.

  • Publishing Preferences:

    • Preference Method: Select between two types of IDs for publishing threat data objects - the Threat Data ID and the Publishing ID. By default, CTIX uses Publishing ID for publishing indicators. Note that this feature is available in CTIX from the release version v3.3.4 and later.

      • The Threat Data ID is assigned to a threat data object when it is first observed in the CTIX platform, and it remains the same throughout its lifespan. For example, an indicator such as 123.122.121.2 will have the same threat data ID even if it is received from multiple sources.

      • The Publishing ID is assigned to a threat data object when published to a collection, changing with each publishing cycle. For example, if an indicator such as 123.122.121.2 is published twice from CTIX, it will have different Publishing IDs.

  • Rate Limit:

    • Per minute rate limit for each subscriber: Set the number of calls a subscriber can make to the platform in a minute to poll threat intel. After the set number of requests expires, the platform resets the rate limit automatically post the rolling window. You can set the maximum per-minute rate limit to 200.

    • Per hour rate limit for each subscriber: Set the number of calls a subscriber can make to the platform in an hour to poll threat intel. After the set number of requests expires, the platform resets the rate limit automatically post the rolling window. You can set the maximum per-hour rate limit to 10000.

    • Per day rate limit for each subscriber: Set the number of calls a subscriber can make to the platform in a day to poll threat intel. After the set number of requests expires, the platform resets the rate limit automatically post the rolling window. You can set the maximum per-day rate limit to 75000.

  • Subscriber Authentication: Select the appropriate configuration based on your authentication requirements. Your choice will be reflected while configuring subscribers, ensuring the appropriate level of security and authentication.

    • Basic: Suitable for simple and straightforward authentication needs using username and password.

    • Certificate: Provides robust security for sensitive data and access control. If you select this authentication method, upload the certificate in the Certificates section.