This site will be updating to the latest content for the next few hours and may be intermittently slow.

Thank you for your feedback.
Form temporarily unavailable. Please try again or contact to submit your comments.

Threat sources

Log in to subscribe to topics and get notified when content changes.

Threat sources

You can maintain a list of Threat Intelligence threat sources. Each source includes the abilty to define how often a source is queried. You can also execute a threat source on demand to import the needed Structured Threat Information eXpression (STIX) data.

Threat Intelligence employs two technologies for importing threat-related information: STIX and Trusted Automated Exchange of Indicator Information (TAXII).

STIX provides a standardized, structured language for representing an extensive set of cyber threat information that includes indicators of compromise (IoC) activity (for example, IP addresses and file hashes), as well as contextual information regarding threats, such as attack modes/methods, that together more completely characterize a cyber adversary's motivations, capabilities, and activities. As such, STIX data provides valuable information on how your organization can best to defend against cyber threats.

Trusted Automated Exchange of Indicator Information (TAXII) is used to facilitate automated exchange of cyber threat information. TAXII defines a set of services and message exchanges that enable sharing of actionable cyber threat information across organization and product/service boundaries for the detection, prevention, and mitigation of cyber threats. TAXII profiles can be set up as repositories for sharing STIX-formatted information. Each profile contains one or more TAXII collections or feeds.