Intel Exchange Lite

A cloud-native, fully automated cyber threat intelligence exchange platform with pre-loaded premium threat intelligence feeds and enrichments for small and medium-sized security teams.

Threat Intel Platform (TIP) Built for Small and Medium-sized Cybersecurity Teams

Operationalize pre-loaded premium threat intel feeds, automate threat intel actioning, and share and collaborate better with ISACs, ISAOs, and private information sharing communities.

Pre-loaded Feeds and Enrichments

Pre-loaded Feeds and Enrichments

Kickstart threat intel operations with pre-loaded premium threat intelligence feeds and enrichments from Flashpoint, alphaMountain, PolySwarm, Cyware, and more.
Bidirectional Intel Sharing

Bidirectional Intel Sharing

Collaborate better with information sharing communities (ISACs, ISAOs, and private sharing communities) by receiving and sharing threat intelligence in STIX 2.x format.
Pre-built SIEM Integrations

Pre-built SIEM Integrations

Leverage Pre-built SIEM connectors to automatically update your SIEM records and perform SIEM lookup for threat detection and monitoring without writing complex playbooks.

Automate Ingestion, Analysis, and Actioning of Contextual, Enriched Threat Intel

Intel Exchange Lite enables small and mid-sized cybersecurity teams to operationalize and exchange threat intelligence data in a fully automated manner with advanced customization, integrations with detection tools, and security collaboration capabilities.

Kickstart TI Ops at Zero Extra Cost

Kickstart TI Ops at Zero Extra Cost

Start threat intel operations by leveraging pre-bundled premium feeds and enrichments from Flashpoint, PolySwarm, alphaMountain, and more at zero extra cost.
Multi-Source Threat Intel Collection

Multi-Source Threat Intel Collection

Automatically ingest and parse structured and unstructured threat intel in STIX format from commercial feed providers, ISACs/ISAOs, blogs, emails, etc.
Custom IOC Confidence Scoring

Custom IOC Confidence Scoring

Score every piece of ingested threat intel to identify and proactively take actions on high-priority threat indicators (IOCs) at machine speed.
Automated Threat Intel Actioning

Automated Threat Intel Actioning

Automatically trigger threat actioning in deployed security tools such as SIEM, EDR, firewalls, etc., with an in-built custom automation rules engine.
Personalized Reports

Personalized Reports

Create enriched and personalized custom reports and threat views for SOC/IR/TI teams and governance stakeholders such as CISOs, Heads of SOC/TI/IR teams, etc.
Cyware Query Language

Cyware Query Language

Build powerful queries with sophisticated logic, drill deeper into the voluminous intel, and retrieve specific threat data using the Cyware Query Language (CQL).
Security Metrics

Security Metrics

Track critical security metrics with the readily available widget library. Continuously monitor the flow of threat intel across your security operation workflows.

Top Use Cases

Request a free demo and connect with our team of experts to learn more about Intel Exchange Lite and how you can kickstart fully automated threat intel operations within minutes with Intel Exchange Lite.

STIX-based Bidirectional Threat Intel Sharing with ISACs/ISAOs

Automated Threat Intel Ingestion from Commercial and OSINT Sources

Automated Threat Intel Enrichment and Contextualization

Automated SIEM Lookup, Reference, and Intel Update for Threat Detection and Monitoring

Automated blocking of Threat Indicators (IOCs) in Firewalls, AV, IPS, etc.

Assign High-Priority Indicators and Threats to Analysts for Manual Review

Compare Intel Exchange Product Editions

Features/Capabilities
Intel Exchange
Intel Exchange Lite
Intel Exchange Spoke
Dashboard

Out-of-the-Box Dashboard


Sharing of Dashboard


Feeds ROI

Out-of-the-Box Dashboard


Sharing of Dashboard


-

Out-of-the-Box Dashboard - Limited set of widgets

-


-

Reports
Custom Reporting Capabilities
Custom Reporting Capabilities
Custom Reporting Capabilities Max. 2 reports
Intel Collection

Customizable to Your Organization’s Unique Needs


Threat Data - All SDO support (STIX 1.x, 2.0 and 2.1 support)


Threat Bulletin - Create & View


Unstructured Intel - RSS


Unstructured Intel - Threat Mailbox


Unstructured Intel - Twitter Module


Quick Add Intel, Import Intel
Webscraper, Webhooks

Manual Intel Ingestion via text, URL, file import

Upper limit to 50K Objects / Day


Threat Data - All SDO support (STIX 1.x, 2.0 and 2.1 support)


Threat Bulletin - View


Unstructured Intel - RSS


Unstructured Intel - Threat Mailbox

-


Quick Add Intel, Import Intel
Webscraper

Manual Intel Ingestion via text, URL, file import

Upper limit to 10k Objects / Day


Threat Data - All SDO support (STIX 2.1 support for ingestion)


-


-


Threat Mailbox (1 mail account only)

-


Quick Add Intel, Import Intel
-

Manual Intel Ingestion via text, URL, file import

Inbox Capabilities

Customizable to Your Organization’s Unique Needs

Sharing is allowed to any 3 TAXII Feed Providers

Sharing is allowed to any 1 TAXII Feed Providers

Indicators Allowed (Allowlist)
All
All
-
Intel Scoring
Confidence Score Engine
Confidence Score Engine

-

Rules Engine
Build your own rule - Unlimited

Build your own rule - Max of 10 active rules

Build your own rule - Max of 2 active rules

Attack Navigator
Full Version
Full Version
-
Threat Investigation
Full Version
-
-
Dissemination - Detailed Submission

Customizable to Your Organization’s Unique Needs

Inbox to any 3 TAXI feed providers

Inbox to any 1 TAXI feed provider
Analyst Workbench
Fang-Defang
STIX Conversion
Encode-Decode 64
CVSS Calculator
Network Utilities
-
-
Global Tasks
Create and Action tasks
-
-
My Org
Indicators Allowed
Watchlist
Tags
Indicators Allowed
Watchlist
Tags
-
Authentication
Username/Password
LDAP
2 FA enabled - Email/TOTP
Username/Password
-
2 FA enabled - Email/TOTP
Username/Password
-
2 FA enabled - TOTP
Feed Integrations
All
All
All
STIX and ISAC Integration
All
All
Maximum 5 STIX/ISAC sources
Feed Enrichment
All
All
-
Tool Integration - SIEM
All
All
All
Tool Integration - SOAR Solution
All
All
All
Tool Integration - Network Security
All
All
All
Tool Integration - Endpoint Detection Response
All
All
All
Console Status
Fully Enabled
-
-
SSO Enablement
Yes
-
-
Hub and Spoke
Yes
-
-
Open API
Yes
Yes
Available in Select Configurations Only
Users
-
-
2
Administration
User Management
License Management
Custom Entities Management
Audit Log Management
Subscribers
Configuration
Audit Log Management
User Management
License Management
Configuration



User Management
Configuration




Frequently Asked Questions

Traditional enterprise-grade Threat Intelligence Platforms (TIPs) have been designed for large enterprises. However, the present-day threat landscape necessitates that security teams of all sizes have their own automated TIP that enables them to ingest, analyze, enrich, and take actions on threat intelligence in real time. If you are a small or mid-sized security team facing similar challenges, then Intel Exchange Lite is the right platform for you.