Threat Mailbox
CTIX offers Threat Mailbox to receive threat intel feeds from multiple email accounts. CTIX fetches intel from email content, attachments, and password-protected attachments. Threat Mailbox allows analysts to integrate email accounts into the dashboard. When an email is received in an integrated email inbox, you can view it in Threat Mailbox, and you can create intel or STIX packages based on the email reports directly from there.

Threat Mailbox works similarly to an email inbox. To switch inboxes, select a different account from the accounts drop-down. The email list on the left side of the screen shows a pin for emails that contain attachments. You can download attachments from the footer section of the email.
Feature availability matrix.
| CTIX Enterprise | CTIX Lite | CTIX Spoke |
|---|---|---|
| Yes | Yes | Yes - one email account |
Before you start:
Ensure that you have View Threat Mailbox, Create Threat Mailbox, and Update Threat Mailbox permissions to access Threat Mailbox.
Only your CTIX Admin can assign access permissions to the user groups.
You can perform the following actions on the Threat Mailbox: