An Exclusive Threat Intelligence Processing and Collaboration Platform for ISAC/ISAO Members
CTIX Spoke is a threat intelligence processing and collaboration platform for ISAC/ISAO members to operationalize threat intelligence in a trusted sharing environment.
CTIX Spoke enables automated bi-directional threat intelligence sharing between ISAC/ISAO and its members and allows them to benefit from enterprise-class features without the commitment to a pricey enterprise threat intelligence platform.
Security teams can procure a CTIX Spoke instance only if their ISAC/ISAO uses CTIX Enterprise.
Finally, a Threat Intelligence Solution for:
ISAC/ISAO Members with Limited Resources and Teams
For ISAC/ISAO members starting their threat intelligence operations, CTIX Spoke provides the ability to get started quickly and easily. No longer do teams need to have an advanced enterprise-level expertise or security maturity to start leveraging threat intelligence. CTIX Spoke is cost-effective and creates less overhead for ISAC/ISAO members to operationalize threat intelligence.
Security Teams That Need CTI Ingestion and Reporting
CTIX Spoke empowers ISAC/ISAO members to better access, ingest, and report on actionable cyber threat intelligence. The module is designed to give these security teams more visibility into threats and data while integrating with existing technologies and taking action.
A Threat Intelligence Solution to:
Automatically Ingest Threat Indicators
Automatically ingest technical threat intelligence from your respective ISACs/ISAOs and share it back with them.
Receive, View, and Action IOCs
Gain access to a dedicated threat intelligence module to receive, view, and take automated action on threat indicators of compromise (IOCs).
Automatically Action Intelligence Feeds
Take automated action on scored technical threat intelligence directly in your security tools including SIEM, firewall, IPS, NBAD, UEBA, etc. using out-of-the-box rules or SOAR.
Ingest, Analyze, and Act on Relevant, Enriched Intelligence
CTIX Spoke Features
Ingest Threat Indicators and Observables (IOCs) in STIX 2.1
Ingest and normalize threat indicators including IOCs, TTPs, and other STIX Domain Objects (SDOs) into standardized formats including the latest STIX 2.1 format for faster actioning and sharing back to the ISAC/ISAO hub.
Bi-directional Threat Intelligence Sharing
Effectively operationalize technical threat intelligence in your trusted sharing environment by sharing pertinent threat intelligence with your ISAC/ISAO using CTIX Spoke.
Easy Integration With Security Tools
Any threat intelligence solution, be it entry-level or enterprise-grade, is incomplete without integrations meant for threat intel actioning. Security teams can leverage CTIX Spoke to take action in their existing security technology stack on indicators received from their ISAC/ISAO hub.
Scale Threat Intelligence Operations Over Time
Supercharge your threat intelligence operations with more advanced features, including an advanced rules engine, threat investigator, confidence scoring, and others, and enable end-to-end threat intel lifecycle automation as your security requirements, and teams grow.
Compare CTIX Product Editions
Features/Capabilities | CTIX Enterprise | CTIX Lite | CTIX Spoke |
|---|---|---|---|
Dashboard | Out of Box Dashboard Sharing of Dashboard Feeds ROI | Out of Box Dashboard Sharing of Dashboard - | Out of Box Dashboard - Limited set of widgets - - |
Reports | Custom reporting Capabilities | Custom reporting Capabilities | Custom reporting Capabilities
Max. 2 reports |
Intel Collection | Unlimited Ingestion of IOC Threat Data - All SDO support (STIX 1.x, 2.0 and 2.1 support) Threat Bulletin - Create & View Unstructured Intel - RSS Unstructured Intel - Threat Mailbox Unstructured Intel - Twitter Module Quick Add Intel, Import Intel Webscraper, Webhooks Manual Intel Ingestion via text, URL, file import | Upper limit to 50K Objects / Day Threat Data - All SDO support (STIX 1.x, 2.0 and 2.1 support) Threat Bulletin - View Unstructured Intel - RSS Unstructured Intel - Threat Mailbox -Quick Add Intel, Import Intel Webscraper Manual Intel Ingestion via text, URL, file import | Upper limit to 10k Objects / Day Threat Data - All SDO support (STIX 2.1 support for ingestion) - - Threat Mailbox (1 mail account only) -Quick Add Intel, Import Intel - Manual Intel Ingestion via text, URL, file import |
Inbox Capabilities | Unlimited | Sharing is allowed to any 3 TAXII Feed Providers | Sharing is allowed to any 1 TAXII Feed Providers |
Indicators Allowed (Whitelist) | All | All | - |
Intel Scoring | Confidence Score Engine | Confidence Score Engine | - |
Rules Engine | Build your own rule - Unlimited | Build your own rule - Max of 10 active rules | Build your own rule - Max of 2 active rules |
Attack Navigator | Full Version | Full Version | - |
Threat Investigation | Full Version | - | - |
Dissemination - Detailed Submission | Unlimited | Inbox to any 3 TAXI feed providers | Inbox to any 1 TAXI feed provider |
Analyst Workbench | Fang-Defang STIX Conversion Encode-Decode 64 CVSS Calculator Network Utilities | - | - |
Global Tasks | Create and Action tasks | - | - |
My Org |
Indicators Allowed Watchlist Tags | Indicators Allowed Watchlist Tags | - |
Authentication | Username/Password LDAP 2 FA enabled - Email/TOTP | Username/Password - 2 FA enabled - Email/TOTP | Username/Password - 2 FA enabled - TOTP |
Integrations | All | All | All
|
STIX and ISAC Integration | All | All | Maximum 5 STIX/ISAC sources |
Feed Enrichment | All | All | All |
Tool Integration - SIEM | All | All | All |
Tool Integration - SOAR Solution | All | All | All |
Tool Integration - Network Security | All | All | All |
Tool Integration - Endpoint Detection Response | All | All | All |
Console Status | Fully Enabled | - | - |
SSO Enablement | Yes | - | - |
Hub and Spoke | Yes | - | - |
Open API | Yes | - | No |
Users | - | - | 2 |
Administration | User Management License Management Custom Entities Management Audit Log Management Subscribers Configuration | Audit Log Management User Management License Management Configuration |
User Management Configuration |
Request a Demo of CTIX Spoke
CTIX Spoke is available today to members of those ISACs/ISAOs that are using CTIX Enterprise. If your ISAC/ISAO is not using CTIX Enterprise, recommend it by Clicking here.
If your ISAC/ISAO has CTIX Enterprise, request a demo here.
Frequently Asked Questions
Who can avail CTIX Spoke?
Only those ISAC/ISAO members can avail CTIX Spoke whose ISAC/ISAO is using CTIX Enterprise. For those, who do not fall in this category, please reach out to us for the CTIX Enterprise and Lite platforms.