Cyware Threat Intelligence eXchange

CTIX allows you to directly add IOCs fetched from Twitter feeds to the allowed indicators list. Adding an IOC to the allowed indicators list marks it safe to use and ignores it during threat data analysis by the analysts.

CTIX allows you to automate the intel creation process for IOCs received from RSS and Threat Mailbox feed sources.

The intel creation process can be automated for all the object types or you can select the specific object types while adding a new RSS and Threat Mailbox feed source.

CTIX supports the following new STIX components while creating intel using Detailed Submission:

For all these components you can:

CTIX enables you to attach a kill chain and its phases when you create intel using Detailed Submission. You can either create a custom kill chain and its phases using Custom Entities Management under Administration or use the existing kill chain and its phases available in the system. By default, CTIX provides Lockheed Martin and MITRE kill chains with their defined phases.

You can apply a kill chain to the following STIX components while creating a detailed submission:

CTIX supports Mandiant, iDefense, and Intel471 API integration connectors to fetch API feed sources. Using these API connectors, you can receive up-to-date malware, vulnerability, and adversary intelligence in the CTIX platform.

CTIX automatically sends an email notification to the assignee when you create and assign a task using the following components: