Compare CTIX Product Editions
Features/Capabilities | CTIX Enterprise | CTIX Lite | CTIX Spoke |
---|---|---|---|
Dashboard | Out of Box Dashboard Sharing of Dashboard Feeds ROI | Out of Box Dashboard Sharing of Dashboard - | Out of Box Dashboard - Limited set of widgets - - |
Live Activity
| All | - | - |
Report | Out of the box widgets | Out of the box widgets | Max 2 reports |
Intel Collection | Unlimited Ingestion of IOC Threat Data - All SDO support (STIX 1.x, 2.0 and 2.1 support) Intel Package Threat Bulletin - Create & View Unstructured Intel - RSS Unstructured Intel - Threat Mailbox Unstructured Intel - Twitter Module Quick Add Intel, Import Intel Webscraper, Webhooks Manual Intel Ingestion via text, URL, file import | Upper limit to 50K Objects / Day Threat Data - All SDO support (STIX 1.x, 2.0 and 2.1 support) Intel Package Threat Bulletin - View Unstructured Intel - RSS Unstructured Intel - Threat Mailbox -Quick Add Intel, Import Intel Webscraper Manual Intel Ingestion via text, URL, file import | Upper limit to 10k Objects / Day Threat Data - All SDO support (STIX 2.1 support for ingestion) - - - Threat Mailbox (1 mail account only) -Quick Add Intel, Import Intel - Manual Intel Ingestion via text, URL, file import |
Inbox Capabilities | Unlimited | Sharing is allowed to any 3 TAXII Feed Providers | Sharing is allowed to any 1 TAXII Feed Providers |
Indicators Allowed (Whitelist) | All | All | - |
Intel Scoring | Custom Confidence Score Engine | Custom Confidence Score Engine | - |
Rules Engine | Build your own rule - Unlimited | Build your own rule - Max of 10 active rules | Build your own rule - Max of 2 active rules |
Attack Navigator | Full Version | Full Version | - |
Threat Visualizer | Full Version | - | - |
Analyst Workbench | Fang-Defang STIX Conversion Encode-Decode 64 CVSS Calculator Network Utilities | - | - |
Task Management | Create and Action tasks | - | - |
My Org |
Saved Search Tagging Background Tasks Global Notes Watchlist Manual Review Yara Rules Domain Fuzzer | Saved Search Tagging Background Tasks Global Notes - Manual Review Yara Rules - | - |
Authentication | Username/Password LDAP 2 FA enabled - Email/TOTP | Username/Password - 2 FA enabled - Email/TOTP | Username/Password - 2 FA enabled - TOTP |
Integration | API Feed Connectors (Require Clients to enter API/License keys) Mandiant Threat IntelligenceCofense Intel 471 Dragos Crowdstrike Recorded Future Sixgill Flexera Volon Flashpoint Cyware Threat Feeds No out of box paid version enabled | API Feed Connectors (Require Clients to enter API/License keys) Mandiant Threat IntelligenceCofense Intel 471 Dragos Crowdstrike Recorded Future Sixgill Flexera Volon Flashpoint (2 Collections - Vulnerability Feeds and IoC Feeds, Paid Version - Out of the box Enabled, Auto Polling Enabled) Cyware Threat Feeds (STIX/TAXII - Out of the box Enabled, Auto Polling Enabled) | Cyware Threat Feeds, STIX Feeds - Max 5 STIX Sources |
Feed Enrichment | Connectors available in system (Require Clients to enter API/License keys) VirusTotal 2Hybrid Analysis Shodan WhoIs AbuseIPBD Alexa Bluecoat AlienVault OTX CVE Details Exploit Database Farsight DNSDB Google Browsing Have I been PWNED IBM Xforce Mandiant Threat Intelligence Maximind MX Toolbox NVD Phishtank Risk IQ alphaMountain Polyswarm No out of box paid version enabled | Connectors available in system (Require Clients to enter API/License keys) VirusTotal 2Hybrid Analysis Shodan WhoIs AbuseIPBD Alexa Bluecoat AlienVault OTX CVE Details Exploit Database Farsight DNSDB Google Browsing Have I been PWNED IBM Xforce Mandiant Threat Intelligence Maximind MX Toolbox NVD Phishtank Risk IQ alphaMountain (Custom Premium Plan - Enabled out of the box, Auto Enrichment) Polyswarm (Paid Version - Out of the box Enabled, Auto Enrichment) | - |
Tool Integration - SIEM | QRadar Exabeam Splunk | QRadar Exabeam Splunk | Qradar Exabeam Splunk Arcsight |
Tool Integration - Cyware Orchestrate Agent | QRadar Cortex XSOAR Splunk Splunk Phantom Exabeam | QRadar Cortex XSOAR Splunk Splunk Phantom Exabeam | - |
Tool Integration - SOAR Solution | Splunk Phantom Cortex XSOAR | Splunk Phantom Cortex XSOAR | Splunk Phantom Cortex XSOAR |
Tool Integration - Firewall | PFsense | - | - |
Tool Integration - Communicating Tools | Mattermost Plivo Twilio Sendgrid Msg91 | - | - |
Console Status | Fully Enabled | - | - |
SSO Enablement | Yes | - | - |
Hub and Spoke | Yes | - | - |
Open API | Yes | - | No |
Users | - | - | 2 |
Administration |