Threat sources

You can maintain a list of Threat Intelligence threat sources. Each source includes the abilty to define how often a source is queried. You can also execute a threat source on demand to import the needed Structured Threat Information eXpression (STIX) data.

Threat Intelligence employs two technologies for importing threat-related information: STIX and Trusted Automated Exchange of Indicator Information (TAXII).

STIX provides a standardized, structured language for representing an extensive set of cyber threat information that includes indicators of compromise (IoC) activity (for example, IP addresses and file hashes), as well as contextual information regarding threats, such as attack modes/methods, that together more completely characterize a cyber adversary's motivations, capabilities, and activities. As such, STIX data provides valuable information on how your organization can best to defend against cyber threats.

Trusted Automated Exchange of Indicator Information (TAXII) is used to facilitate automated exchange of cyber threat information. TAXII defines a set of services and message exchanges that enable sharing of actionable cyber threat information across organization and product/service boundaries for the detection, prevention, and mitigation of cyber threats. TAXII profiles can be set up as repositories for sharing STIX-formatted information. Each profile contains one or more TAXII collections or feeds.