Skip to main content

Cyware Threat Intelligence eXchange

Configure TAXII Preferences

To configure your TAXII URL preferences, click Edit and update the following settings:

  • STIX Type: Select the required format for publishing threat intel from Intel Exchange. Intel Exchange supports STIX 1.1.1, STIX 1.2, STIX 2.0, STIX 2.1, and MISP formats for publishing threat intel. By default, it publishes the threat intel in the STIX 2.1 format. For more information about the scenarios that can occur when enabling multiple formats for publishing, see Configuration.

  • STIX Version for TAXII Server 1.x: Select a default STIX binding format for your TAXII 1.x server. Intel Exchange subscribers receive the threat intel feeds in the selected binding format.

  • Publishing Preferences:

    • Preference Method: Select between two types of IDs for publishing threat data objects - the Threat Data ID and the Publishing ID. By default, Intel Exchange uses Publishing ID for publishing indicators.

      Note

      This feature is available in Intel Exchange from v3.3.4 onwards.

      • The Threat Data ID is assigned to a threat data object when it is first observed in the Intel Exchange platform, and it remains the same throughout its lifespan. For example, an indicator such as 123.122.121.2 will have the same threat data ID even if it is received from multiple sources.

      • The Publishing ID is assigned to a threat data object when published to a collection, changing with each publishing cycle. For example, if an indicator such as 123.122.121.2 is published twice from Intel Exchange, it will have different Publishing IDs.

  • Rate Limit:

    • Per-minute rate limit for each subscriber: Set the number of calls a subscriber can make to the platform in a minute to poll threat intel. After the set number of requests expires, the platform resets the rate limit automatically post the rolling window. You can set the maximum per-minute rate limit to 200.

    • Per-hour rate limit for each subscriber: Set the number of calls a subscriber can make to the platform in an hour to poll threat intel. After the set number of requests expires, the platform resets the rate limit automatically post the rolling window. You can set the maximum per-hour rate limit to 10000.

    • Per-day rate limit for each subscriber: Set the number of calls a subscriber can make to the platform in a day to poll threat intel. After the set number of requests expires, the platform resets the rate limit automatically post the rolling window. You can set the maximum per-day rate limit to 75000.

  • Subscriber Authentication: Select the appropriate configuration based on your authentication requirements. Your choice will be reflected while configuring subscribers, ensuring the appropriate level of security and authentication.

    • Basic: Suitable for simple and straightforward authentication needs using username and password.

    • Certificate: Provides robust security for sensitive data and access control. If you select this authentication method, upload the certificate in the Certificates section.