Introduction
CTIX is an any-to-any threat intelligence platform (TIP) that is built as a unique solution for the collection, processing, and dissemination of threat intelligence data in various formats. CTIX allows you to receive and share threat intelligence in the form of human- and machine-readable packages. By utilizing the Structured Threat Information eXpression (STIX) format and the Trusted Automated Exchange of Intelligence Information (TAXII) mechanism, CTIX achieves threat data enrichment and threat intelligence exchange. In addition, the CTIX application systematically converts, stores, and organizes actionable threat data across various formats including STIX 1.x, STIX 2.0, XML, JSON, CybOX, OpenIOC, and MAEC. Analysts can also share threat intelligence bi-directionally, converting IOCs in any format to and from STIX for faster, richer threat intel sharing.
CTIX forms the backbone of an organization's threat intelligence with its ability to perform the following key functions:
Aggregate intelligence from multiple sources
Curate, normalize, and enrich data
Integrate with existing security systems
Analyze and share threat intelligence
Benefits
The main benefits of CTIX are:
Automate and simplify the process of collecting, aggregating, and organizing threat intel.
Normalize, eliminate duplicate data, and enrich the threat intel using the capabilities of CTIX.
Monitor, detect, validate, and respond to potential security threats in real-time.
Coordinate with existing Security Information and Event Management (SIEM) and other third-party tools to assign a priority value to alerts.
Securely share threat intelligence with other relevant teams and external security experts.
Key Features
Share Intel with Third-party security solutions: The CTIX application can seamlessly integrate with SIEM, log management, and other security solutions to share processed threat intelligence. This reduces an organization's burden of establishing and maintaining multiple integrations. Threat intel shared from the CTIX application helps to enforce actions and monitor the integrated applications. The possible integrations include SIEM, EDR, Firewall, IPS, IDS, and API.
Receiving trusted threat intel from CTIX Hub or other government agencies
Securely exchanging threat information with their own clients and vendors (CTIX Spokes)
Receiving real-time threat intel from various Intel feed providers
Automation using CTIX Rules: Analysts can build automation Rules to identify critical IOCs based on Source scoring, IOC scoring, Confidence Score values, and similar criteria. This lets them handle large volumes of threat data objects carrying multiple IOCs without the bottleneck of investigating every indicator by hand. When a received threat intel package contains malicious information, Rules automatically identify the Indicator and weigh it against the criticality scores an analyst has configured. Analysts can also program Rules to deploy automated actions, removing the need to manually analyze all received threat data.
Publishing to Collections: After Intel Processing, Analysts can publish intel packages to subscribers and CTIX Spokes in two different ways.
Manually publish threat intel packages to required subscribers and CTIX Spokes.
Rules can automatically publish the processed intel packages to appropriate subscribers and Spoke organizations.
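The scoring-and-publish behaviour described under Automation using CTIX Rules and Publishing to Collections, as an added illustration that is not CTIX's own rule engine or API: a rule over STIX 2.1 indicator objects that combines an assumed per-source score with each indicator's confidence and decides whether to auto-publish it or hold it for review. The bundle, the source scores, the threshold and the action names are all constructed for this example.

```python
import json

# Constructed source reputation scores (0-100), keyed by STIX identity name.
# In CTIX these come from Source scoring; the values here are assumptions.
SOURCE_SCORE = {"isac-feed": 90, "open-feed": 40}

# Constructed STIX 2.1 bundle: two feed identities and two indicators. The
# STIX 2.1 'confidence' common property and 'created_by_ref' are the only
# indicator fields the rule reads; other required STIX fields are omitted.
ISAC = "identity--1a2b3c4d-5e6f-4a7b-8c9d-0e1f2a3b4c5d"
OPEN = "identity--2b3c4d5e-6f7a-4b8c-9d0e-1f2a3b4c5d6e"
SAMPLE_BUNDLE = json.dumps({
    "type": "bundle", "id": "bundle--0f1e2d3c-4b5a-4968-8776-655443322110",
    "objects": [
        {"type": "identity", "id": ISAC, "name": "isac-feed"},
        {"type": "identity", "id": OPEN, "name": "open-feed"},
        {"type": "indicator", "id": "indicator--3c4d5e6f-7a8b-4c9d-8e1f-2a3b4c5d6e7f",
         "created_by_ref": ISAC, "confidence": 85,
         "pattern": "[ipv4-addr:value = '203.0.113.5']"},
        {"type": "indicator", "id": "indicator--4d5e6f7a-8b9c-4d0e-9f2a-3b4c5d6e7f8a",
         "created_by_ref": OPEN, "confidence": 30,
         "pattern": "[domain-name:value = 'example.net']"},
    ],
})


def indicator_score(indicator, identities, source_score):
    """Average the producing source's score with the indicator's own confidence.
    An unknown source or a missing 'confidence' contributes 0, so unattributed
    intel cannot reach the critical threshold on one component alone."""
    source_name = identities.get(indicator.get("created_by_ref", ""), "")
    src = source_score.get(source_name, 0)
    return (src + indicator.get("confidence", 0)) // 2


def apply_rule(bundle_json, threshold=70, source_score=SOURCE_SCORE):
    """Rule: indicators at or above the threshold are marked critical and queued
    for automatic publishing; everything else is held for analyst review."""
    objects = json.loads(bundle_json).get("objects", [])
    identities = {o["id"]: o.get("name", "") for o in objects if o.get("type") == "identity"}
    actions = []
    for obj in objects:
        if obj.get("type") != "indicator":
            continue
        score = indicator_score(obj, identities, source_score)
        action = "publish_to_collection" if score >= threshold else "hold_for_review"
        actions.append({"id": obj["id"], "score": score, "action": action})
    return actions
```

Lowering the threshold or raising a feed's source score changes which indicators are auto-published, which is the trade-off an analyst tunes when configuring such a Rule.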
Bi-Directional Intel Exchange: CTIX Spoke organizations can share threat intel packages back to the CTIX Hub. This allows a trusted exchange of threat intel between intel-sharing communities and peer organizations.