- Sourced Threat Intelligence: The sourced intelligence is automatically ingested and normalized in real time into several STIX standards, including STIX 1.x, STIX 2.0, and STIX 2.1. Enterprises can use this capability to ingest and normalize technical threat intelligence sourced from commercial threat intelligence providers, vendors, ISACs/ISAOs, CERTs, and others.
- Custom Threat Intelligence: Threat intelligence analysts can use STIX 2.1 forms to manually convert custom intelligence into STIX 2.1 packages. The forms provide a threefold capability for creating STIX 2.1 intel packages:
  - Quick Submission: This form allows threat intelligence analysts to quickly create STIX 2.1 packages with minimal information. The CTIX platform runs automated analysis tasks in the background to draw full intelligence and patterns on the malicious attributes.
  - Detailed Submission: The detailed submission form allows threat intelligence analysts to create detailed STIX 2.1 packages. The feature also enables the creation of Custom Objects and Relations.
  - Free Text Conversion to STIX Package: Threat intelligence teams can also automatically convert free text into a STIX 2.1 package with just a click of a button.
- STIX Objects categorize each piece of information with specific attributes to be populated. Chaining multiple objects together through relationships allows for simple or complex representations of cyber threat intelligence.
- STIX 2.1 defines 18 STIX Domain Objects (SDOs): Attack Pattern, Campaign, Course of Action, Grouping, Identity, Indicator, Intrusion Set, Infrastructure, Location, Malware, Malware Analysis, Note, Observed Data, Opinion, Report, Threat Actor, Tool, and Vulnerability.
- CTIX offers support for all 18 SDOs defined in the STIX 2.1 standard.
- More and more organizations are now leveraging capabilities offered by CTIX to harvest and operationalize internal threat intelligence.
- Internal intel feeds are critical to drawing contextual and actionable threat intelligence for threat mitigation.
- Cyware has now extended STIX 2.1 support to these custom internal intel feeds, making it simple and convenient for security teams to action threat data and disseminate it to security tools.
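
The chaining of objects through relationships described above, as an added example (not Cyware's or CTIX's code): it hand-builds a small STIX 2.1 bundle in which an Indicator is linked to a Malware object by an `indicates` relationship, then checks object types and relationship references. The malware name, domain, timestamp and helper function names are constructed for illustration.

```python
import json
import uuid

# STIX 2.1 type identifiers for the 18 SDOs named in the list above.
SDO_TYPES = {
    "attack-pattern", "campaign", "course-of-action", "grouping", "identity",
    "indicator", "infrastructure", "intrusion-set", "location", "malware",
    "malware-analysis", "note", "observed-data", "opinion", "report",
    "threat-actor", "tool", "vulnerability",
}
TS = "2020-05-01T00:00:00.000Z"  # constructed timestamp

def make(obj_type, **props):
    """Build an object with the common required STIX 2.1 properties."""
    return {"type": obj_type, "spec_version": "2.1",
            "id": f"{obj_type}--{uuid.uuid4()}",
            "created": TS, "modified": TS, **props}

def build_bundle():
    """Indicator --indicates--> Malware, wrapped in a bundle (constructed data)."""
    malware = make("malware", name="ExampleLoader", is_family=False)
    indicator = make("indicator", name="ExampleLoader C2 domain",
                     pattern="[domain-name:value = 'c2.example.com']",
                     pattern_type="stix", valid_from=TS)
    rel = make("relationship", relationship_type="indicates",
               source_ref=indicator["id"], target_ref=malware["id"])
    return {"type": "bundle", "id": f"bundle--{uuid.uuid4()}",
            "objects": [indicator, malware, rel]}

def check_bundle(bundle):
    """Return a list of problems found. Simplification: only SDOs and
    relationships are accepted, and every reference must resolve in-bundle."""
    problems = []
    ids = {obj["id"] for obj in bundle["objects"]}
    for obj in bundle["objects"]:
        if obj["type"] not in SDO_TYPES | {"relationship"}:
            problems.append(f"{obj['id']}: unsupported type {obj['type']}")
        if not obj["id"].startswith(obj["type"] + "--"):
            problems.append(f"{obj['id']}: id prefix does not match type")
        if obj["type"] == "relationship":
            for key in ("source_ref", "target_ref"):
                if obj.get(key) not in ids:
                    problems.append(f"{obj['id']}: {key} does not resolve")
    return problems

if __name__ == "__main__":
    bundle = build_bundle()
    print(json.dumps(bundle, indent=2))
    print("problems:", check_bundle(bundle))
```

A dangling `source_ref` or `target_ref` is the failure worth catching before a package is shared, because the receiving tool gets an indicator with no context attached to it.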
Posted on: May 01, 2020