An Exclusive Threat Intelligence Processing and Collaboration Platform for ISAC/ISAO Members

CTIX Spoke is a threat intelligence processing and collaboration platform for ISAC/ISAO members to operationalize threat intelligence in a trusted sharing environment.

CTIX Spoke enables automated bi-directional threat intelligence sharing between ISAC/ISAO and its members and allows them to benefit from enterprise-class features without the commitment to a pricey enterprise threat intelligence platform.

Security teams can procure a CTIX Spoke instance only if their ISAC/ISAO uses CTIX Enterprise.

Finally, a Threat Intelligence Solution for:

ISAC/ISAO Members with Limited Resources and Teams


For ISAC/ISAO members starting their threat intelligence operations, CTIX Spoke provides the ability to get started quickly and easily. No longer do teams need to have an advanced enterprise-level expertise or security maturity to start leveraging threat intelligence. CTIX Spoke is cost-effective and creates less overhead for ISAC/ISAO members to operationalize threat intelligence.

Security Teams That Need CTI Ingestion and Reporting


CTIX Spoke empowers ISAC/ISAO members to better access, ingest, and report on actionable cyber threat intelligence. The module is designed to give these security teams more visibility into threats and data while integrating with existing technologies and taking action.

A Threat Intelligence Solution to:

Automatically Ingest Threat Indicators

Automatically Ingest Threat Indicators

Automatically ingest technical threat intelligence from your respective ISACs/ISAOs and share it back with them.

Receive, View, and Action IOCs

Receive, View, and Action IOCs

Gain access to a dedicated threat intelligence module to receive, view, and take automated action on threat indicators of compromise (IOCs).

Automatically Action Intelligence Feeds

Automatically Action Intelligence Feeds

Take automated action on scored technical threat intelligence directly in your security tools including SIEM, firewall, IPS, NBAD, UEBA, etc. using out-of-the-box rules or SOAR.

Ingest, Analyze, and Act on Relevant, Enriched Intelligence

CTIX Spoke Features

Ingest Threat Indicators and Observables (IOCs) in STIX 2.1

Ingest Threat Indicators and Observables (IOCs) in STIX 2.1

Ingest and normalize threat indicators including IOCs, TTPs, and other STIX Domain Objects (SDOs) into standardized formats including the latest STIX 2.1 format for faster actioning and sharing back to the ISAC/ISAO hub.

Bi-directional Threat Intelligence Sharing

Bi-directional Threat Intelligence Sharing

Effectively operationalize technical threat intelligence in your trusted sharing environment by sharing pertinent threat intelligence with your ISAC/ISAO using CTIX Spoke.

Easy Integration With Security Tools

Easy Integration With Security Tools

Any threat intelligence solution, be it entry-level or enterprise-grade, is incomplete without integrations meant for threat intel actioning. Security teams can leverage CTIX Spoke to take action in their existing security technology stack on indicators received from their ISAC/ISAO hub.

Scale Threat Intelligence Operations Over Time

Scale Threat Intelligence Operations Over Time

Supercharge your threat intelligence operations with more advanced features, including an advanced rules engine, threat investigator, confidence scoring, and others, and enable end-to-end threat intel lifecycle automation as your security requirements, and teams grow.

Compare CTIX Product Editions

Features/Capabilities
CTIX Enterprise
CTIX Lite
CTIX Spoke
Dashboard

Out of Box Dashboard


Sharing of Dashboard


Feeds ROI

Out of Box Dashboard


Sharing of Dashboard


-

Out of Box Dashboard - Limited set of widgets

-


-

Live Activity
All
-
-
Report
Out of the box widgets
Out of the box widgets
Limited widgets
Intel Collection

Unlimited Ingestion of IOC


Threat Data - All SDO support (STIX 1.x, 2.0 and 2.1 support)


Intel Package
Threat Bulletin - Create & View
Unstructured Intel - RSS

Unstructured Intel - Threat Mailbox


Unstructured Intel - Twitter Module


Quick Add Intel
Webscraper, Webhooks

Manual Intel Ingestion via text, URL, file import

Upper limit to 50K Objects / Day


Threat Data - All SDO support (STIX 1.x, 2.0 and 2.1 support)


Intel Package
Threat Bulletin - View
Unstructured Intel - RSS

Unstructured Intel - Threat Mailbox

-

Quick Add Intel
Webscraper

Manual Intel Ingestion via text, URL, file import

Upper limit to 10k Objects / Day


Threat Data - All SDO support (STIX 2.1 support for ingestion)


Intel Package
-
-

Threat Mailbox (1 mail account only)

-

Quick Add Intel
-

Manual Intel Ingestion via text, URL, file import

Inbox Capabilities
Unlimited

Sharing is allowed to any 3 TAXII Feed Providers

Sharing is allowed to any 1 TAXII Feed Providers

Indicators Allowed (Whitelist)
All
All
-
Intel Scoring
Custom Confidence Score Engine
Custom Confidence Score Engine

Non configurable confidence score engine with source confidence

Rules Engine
Build your own rule - Unlimited

Build your own rule - Max of 10 active rules

Build your own rule - Max of 2 active rules

Attack Navigator
Full Version
Full Version
-
Threat Visualizer
Full Version
-
-
Analyst Workbench
Fang-Defang
STIX Conversion
Encode-Decode 64
CVSS Calculator
Network Utilities
-
-
Task Management
Create and Action tasks
-
-
My Org
Saved Search
Tagging
Background Tasks
Global Notes
Watchlist
Manual Review
Yara Rules
Domain Fuzzer
Saved Search
Tagging
Background Tasks
Global Notes
-
Manual Review
Yara Rules
-
-
Authentication
Username/Password
LDAP
2 FA enabled - Email/TOTP
Username/Password
-
2 FA enabled - Email/TOTP
Username/Password
-
2 FA enabled - TOTP
Integration

API Feed Connectors (Require Clients to enter API/License keys)

Mandiant Threat Intelligence
Cofense
Intel 471
Dragos
Crowdstrike
Recorded Future
Sixgill
Flexera
Volon

Bambenek



Flashpoint


Cyware Threat Feeds


No out of box paid version enabled

API Feed Connectors (Require Clients to enter API/License keys)

Mandiant Threat Intelligence
Cofense
Intel 471
Dragos
Crowdstrike
Recorded Future
Sixgill
Flexera
Volon

Bambenek (2 Collection - IP and Domain Feeds, Paid Version - Out of the box Enabled, Auto Polling Enabled)


Flashpoint (2 Collections - Vulnerability Feeds and IoC Feeds, Paid Version - Out of the box Enabled, Auto Polling Enabled)


Cyware Threat Feeds (STIX/TAXII - Out of the box Enabled, Auto Polling Enabled)


Cyware Threat Feeds, STIX Feeds - Max 5 STIX Sources

Feed Enrichment

Connectors available in system (Require Clients to enter API/License keys)

VirusTotal 2
Hybrid Analysis
Shodan
WhoIs
AbuseIPBD
Alexa
Bluecoat
AlienVault OTX
CVE Details
Exploit Database
Farsight DNSDB
Google Browsing
Have I been PWNED
IBM Xforce
Mandiant Threat Intelligence
Maximind
MX Toolbox
NVD
Phishtank
Risk IQ

Comodo



Polyswarm


No out of box paid version enabled

Connectors available in system (Require Clients to enter API/License keys)

VirusTotal 2
Hybrid Analysis
Shodan
WhoIs
AbuseIPBD
Alexa
Bluecoat
AlienVault OTX
CVE Details
Exploit Database
Farsight DNSDB
Google Browsing
Have I been PWNED
IBM Xforce
Mandiant Threat Intelligence
Maximind
MX Toolbox
NVD
Phishtank
Risk IQ

Comodo (Paid Version - Out of the box Enabled, Auto Enrichment)

Polyswarm (Paid Version - Out of the box Enabled, Auto Enrichment)


-
Tool Integration - SIEM
QRadar
Exabeam
Splunk
QRadar
Exabeam
Splunk
Qradar
Exabeam
Splunk
Arcsight
Tool Integration - CSOL Agent
QRadar
Cortex XSOAR
Splunk
Splunk Phantom
Exabeam
QRadar
Cortex XSOAR
Splunk
Splunk Phantom
Exabeam
-
Tool Integration - SOAR Solution
Splunk Phantom
Cortex XSOAR
Splunk Phantom
Cortex XSOAR
Splunk Phantom
Cortex XSOAR
Tool Integration - Firewall
PFsense
-
-
Tool Integration - Communicating Tools
Mattermost
Plivo
Twilio
Sendgrid
Msg91
-
-
Console Status
Fully Enabled
-
-
SSO Enablement
Yes
-
-
Hub and Spoke
Yes
-
-
Open API
Yes
-
No
Users
-
-
2
Administration
User
License
Configuration
Subscriber

Certificate Management

GO TO CTIX Enterprise
User
License
Configuration
-

Certificate Management

GO TO CTIX LITE


Configuration

GO TO CTIX SPOKE

Request a Demo of CTIX Spoke

CTIX Spoke is available today to members of those ISACs/ISAOs that are using CTIX Enterprise. If your ISAC/ISAO is not using CTIX Enterprise, recommend it by Clicking here.

If your ISAC/ISAO has CTIX Enterprise, request a demo here.

Frequently Asked Questions

Only those ISAC/ISAO members can avail CTIX Spoke whose ISAC/ISAO is using CTIX Enterprise. For those, who do not fall in this category, please reach out to us for the CTIX Enterprise and Lite platforms.