Skip to main content

Cyware Threat Intelligence eXchange

Manage Sectoral Feeds

You can enable any available Cyware Sectoral Feed directly from Intel Exchange. Once enabled, the feed starts polling automatically based on its configured schedule, and the threat data becomes available in the Threat Data module.

Note

Cyware Sectoral Feeds are available as part of the Cyware Intelligence Suite bundle. If your organization has access to this bundle, it typically includes the Malware Threat Feed, Ransomware Feed, and one sector-specific feed aligned to your industry. If you require access to additional sectoral feeds, contact your Cyware sales or support representative.

Enable a Sectoral Feed

To start receiving threat intelligence from a feed, you must enable it in Intel Exchange. Once enabled, the feed becomes active, and you can view the ingested threat data objects under Threat Data.

Steps

To enable a sectoral feed, follow these steps:

  1. Go to Integration Management > APIs > System Feeds.

  2. Locate the sectoral feed you want to enable. For example, Cyware Financial Threat Feed

  3. Turn on the toggle to enable it.

  4. Click the feed card to view the feed details. In the Feed Channels table, ensure the relevant channel toggle is also enabled.

    After you enable the feed, Intel Exchange begins polling threat intelligence specific to the sector. You can view the polled data in the Threat Data section. For more information, see View Threat Data.

View Polling Frequency

Each sectoral feed is polled at regular intervals to ensure that Intel Exchange receives up-to-date threat intelligence. The feeds are configured to poll threat data automatically.

The default automatic polling interval for all sectoral feeds is 720 minutes (twice daily).

View Threat Data

After you enable a sectoral feed, Intel Exchange ingests relevant threat intelligence into Threat Data. Each object provides a unified view of its details, helping you investigate and act on threats specific to your sector.

The following information is available when reviewing an ingested threat data object:

  • Overview: Review key attributes, source details, tags, and sectoral relevance at a glance. For more information, see Overview.

  • Analysis: View a comprehensive breakdown of the threat object's characteristics and associated context:

    • Analyze static and dynamic findings generated from tools like PEFile, EXIFTool, LIEF, CAPE, Triage, and other external scan results. For more information, see Understand Sectoral Feed Data.

    • Contribute analyst-driven details, including descriptions, custom TLP values, and any additional observations relevant to your investigation. Use quick actions to tag, relate, enrich, or escalate threat data objects ingested from sectoral feeds. For more information, see Analysis.

  • Relations: Understand how this object links to related threat data, such as malware families, attack infrastructure, or adversary campaigns. For more information, see Relations.

  • Quick Actions: Use quick actions to tag, relate, enrich, or escalate threat data objects ingested from sectoral feeds. For more information, see Action on Threat Data Objects.