Skip to main content

Cyware Threat Intelligence eXchange

Cyware Sectoral Feeds

Notice

This feature is available in Intel Exchange v3.7.5.0 (EA) onwards. Contact your Cyware sales or support representative to gain access to the feed.

Cyware Sectoral Feeds delivers daily threat intelligence tailored to your industry. You receive malware and ransomware indicators of compromise (IOCs) that are enriched with technical context and filtered by sectors, such as healthcare, finance, energy, and more. These feeds help you focus on threats relevant to your environment, reduce noise, and support faster triage, investigation, and response.

What are the use cases of Cyware Sectoral Feeds? 

  • Prioritize Sector-Specific Threats: Filter IOCs based on targeted industry sectors, such as finance, healthcare, and more, to reduce noise and focus on threats most relevant to your organization.

  • Access Curated Malware Intelligence: Ingest enriched malware and ransomware hashes with context such as malware families, AV scan results, and detailed metadata from PE, LIEF, and EXIFTool. Use this data to accelerate detection and deepen analysis.

  • Accelerate IOC Enrichment and Triage: Enrich hashes with related indicators (IPs, domains, URLs), dropped files, configuration data, and mapped MITRE ATT&CK techniques. Speed up triage and reduce manual correlation during investigations.

  • Correlate Threats Visually: Use Intel Exchange threat visualizer to pivot across interconnected malware samples, infrastructure, and attack techniques, enabling more intuitive and comprehensive threat analysis.

  • Align with MITRE ATT&CK for Operational Use: Leverage MITRE ATT&CK mapping for standardized reporting, detection engineering, and use in red/blue team exercises or adversary emulation.

Supported Feeds

Cyware provides the following sector-specific and cross-sector threat intelligence API feeds. These feeds deliver enriched intelligence that you can ingest into your threat workflows to detect, analyze, and respond to evolving threats.

Sector-Specific Feeds

Feed

Description

Cyware Financial Threat Feed 

Provides threat data to help financial institutions defend against phishing, credential theft, and targeted malware

Cyware Energy Threat Feed 

Provides threat data to help energy providers protect critical infrastructure and detect ICS/SCADA-targeted attacks

Cyware Healthcare Threat Feed 

Provides threat data to help healthcare organizations detect ransomware, data breaches, and medical device targeting

Cyware Manufacturing Threat Feed 

Provides threat data to help manufacturers safeguard supply chains, production systems, and industrial controls

Cyware Government Threat Feed 

Provides threat data to help government agencies track cyber espionage, APTs, and public sector-targeted attacks

Cyware OT Threat Feed 

Provides threat data to help secure operational technology (OT) in industrial and critical infrastructure

Cross-Sector Feeds

Feed

Description

Cyware Ransomware Feed 

Provides threat data to help track active ransomware campaigns with insights relevant to specific sectors

Cyware Malware Threat Feed 

Provides threat data to help detect and analyze malware campaigns affecting multiple sectors

Supported Object Types

You can use Cyware Sectoral Feeds to retrieve threat intelligence about the following object types:

  • Indicator (IPv4, URL, Domain, File)

  • Attack Pattern

  • Malware

  • Observable (SHA1, SHA256, SHA512, MD5, SSDEEP)