An Exclusive Threat Intelligence Processing and Collaboration Platform for ISAC/ISAO Members
CTIX Spoke is a threat intelligence processing and collaboration platform for ISAC/ISAO members to operationalize threat intelligence in a trusted sharing environment.
CTIX Spoke enables automated bi-directional threat intelligence sharing between ISAC/ISAO and its members and allows them to benefit from enterprise-class features without the commitment to a pricey enterprise threat intelligence platform.
Security teams can procure a CTIX Spoke instance only if their ISAC/ISAO uses CTIX Enterprise.
Finally, a Threat Intelligence Solution for:
ISAC/ISAO Members with Limited Resources and Teams
For ISAC/ISAO members starting their threat intelligence operations, CTIX Spoke provides the ability to get started quickly and easily. No longer do teams need to have an advanced enterprise-level expertise or security maturity to start leveraging threat intelligence. CTIX Spoke is cost-effective and creates less overhead for ISAC/ISAO members to operationalize threat intelligence.
Security Teams That Need CTI Ingestion and Reporting
CTIX Spoke empowers ISAC/ISAO members to better access, ingest, and report on actionable cyber threat intelligence. The module is designed to give these security teams more visibility into threats and data while integrating with existing technologies and taking action.
A Threat Intelligence Solution to:
Automatically Ingest Threat Indicators
Automatically ingest technical threat intelligence from your respective ISACs/ISAOs and share it back with them.
Receive, View, and Action IOCs
Gain access to a dedicated threat intelligence module to receive, view, and take automated action on threat indicators of compromise (IOCs).
Automatically Action Intelligence Feeds
Take automated action on scored technical threat intelligence directly in your security tools including SIEM, firewall, IPS, NBAD, UEBA, etc. using out-of-the-box rules or SOAR.
Ingest, Analyze, and Act on Relevant, Enriched Intelligence
CTIX Spoke Features
Ingest Threat Indicators and Observables (IOCs) in STIX 2.1
Ingest and normalize threat indicators including IOCs, TTPs, and other STIX Domain Objects (SDOs) into standardized formats including the latest STIX 2.1 format for faster actioning and sharing back to the ISAC/ISAO hub.
Bi-directional Threat Intelligence Sharing
Effectively operationalize technical threat intelligence in your trusted sharing environment by sharing pertinent threat intelligence with your ISAC/ISAO using CTIX Spoke.
Easy Integration With Security Tools
Any threat intelligence solution, be it entry-level or enterprise-grade, is incomplete without integrations meant for threat intel actioning. Security teams can leverage CTIX Spoke to take action in their existing security technology stack on indicators received from their ISAC/ISAO hub.
Scale Threat Intelligence Operations Over Time
Supercharge your threat intelligence operations with more advanced features, including an advanced rules engine, threat investigator, confidence scoring, and others, and enable end-to-end threat intel lifecycle automation as your security requirements, and teams grow.
Compare CTIX Product Editions
Features/Capabilities | CTIX Enterprise | CTIX Lite | CTIX Spoke |
|---|---|---|---|
Dashboard | Out of Box Dashboard Sharing of Dashboard Feeds ROI | Out of Box Dashboard Sharing of Dashboard - | Out of Box Dashboard - Limited set of widgets - - |
Live Activity
| All | - | - |
Report | Out of the box widgets | Out of the box widgets | Limited widgets |
Intel Collection | Unlimited Ingestion of IOC Threat Data - All SDO support (STIX 1.x, 2.0 and 2.1 support) Intel Package Threat Bulletin - Create & View Unstructured Intel - RSS Unstructured Intel - Threat Mailbox Unstructured Intel - Twitter Module Quick Add Intel Webscraper, Webhooks Manual Intel Ingestion via text, URL, file import | Upper limit to 50K Objects / Day Threat Data - All SDO support (STIX 1.x, 2.0 and 2.1 support) Intel Package Threat Bulletin - View Unstructured Intel - RSS Unstructured Intel - Threat Mailbox -Quick Add Intel Webscraper Manual Intel Ingestion via text, URL, file import | Upper limit to 10k Objects / Day Threat Data - All SDO support (STIX 2.1 support for ingestion) Intel Package - - Threat Mailbox (1 mail account only) -Quick Add Intel - Manual Intel Ingestion via text, URL, file import |
Inbox Capabilities | Unlimited | Sharing is allowed to any 3 TAXII Feed Providers | Sharing is allowed to any 1 TAXII Feed Providers |
Indicators Allowed (Whitelist) | All | All | - |
Intel Scoring | Custom Confidence Score Engine | Custom Confidence Score Engine | Non configurable confidence score engine with source confidence |
Rules Engine | Build your own rule - Unlimited | Build your own rule - Max of 10 active rules | Build your own rule - Max of 2 active rules |
Attack Navigator | Full Version | Full Version | - |
Threat Visualizer | Full Version | - | - |
Analyst Workbench | Fang-Defang STIX Conversion Encode-Decode 64 CVSS Calculator Network Utilities | - | - |
Task Management | Create and Action tasks | - | - |
My Org |
Saved Search Tagging Background Tasks Global Notes Watchlist Manual Review Yara Rules Domain Fuzzer | Saved Search Tagging Background Tasks Global Notes - Manual Review Yara Rules - | - |
Authentication | Username/Password LDAP 2 FA enabled - Email/TOTP | Username/Password - 2 FA enabled - Email/TOTP | Username/Password - 2 FA enabled - TOTP |
Integration | API Feed Connectors (Require Clients to enter API/License keys) Mandiant Threat IntelligenceCofense Intel 471 Dragos Crowdstrike Recorded Future Sixgill Flexera Volon Bambenek Flashpoint Cyware Threat Feeds No out of box paid version enabled | API Feed Connectors (Require Clients to enter API/License keys) Mandiant Threat IntelligenceCofense Intel 471 Dragos Crowdstrike Recorded Future Sixgill Flexera Volon Bambenek (2 Collection - IP and Domain Feeds, Paid Version - Out of the box Enabled, Auto Polling Enabled) Flashpoint (2 Collections - Vulnerability Feeds and IoC Feeds, Paid Version - Out of the box Enabled, Auto Polling Enabled) Cyware Threat Feeds (STIX/TAXII - Out of the box Enabled, Auto Polling Enabled) | Cyware Threat Feeds, STIX Feeds - Max 5 STIX Sources |
Feed Enrichment | Connectors available in system (Require Clients to enter API/License keys) VirusTotal 2Hybrid Analysis Shodan WhoIs AbuseIPBD Alexa Bluecoat AlienVault OTX CVE Details Exploit Database Farsight DNSDB Google Browsing Have I been PWNED IBM Xforce Mandiant Threat Intelligence Maximind MX Toolbox NVD Phishtank Risk IQ Comodo Polyswarm No out of box paid version enabled | Connectors available in system (Require Clients to enter API/License keys) VirusTotal 2Hybrid Analysis Shodan WhoIs AbuseIPBD Alexa Bluecoat AlienVault OTX CVE Details Exploit Database Farsight DNSDB Google Browsing Have I been PWNED IBM Xforce Mandiant Threat Intelligence Maximind MX Toolbox NVD Phishtank Risk IQ Comodo (Paid Version - Out of the box Enabled, Auto Enrichment) Polyswarm (Paid Version - Out of the box Enabled, Auto Enrichment) | - |
Tool Integration - SIEM | QRadar Exabeam Splunk | QRadar Exabeam Splunk | Qradar Exabeam Splunk Arcsight |
Tool Integration - CSOL Agent | QRadar Cortex XSOAR Splunk Splunk Phantom Exabeam | QRadar Cortex XSOAR Splunk Splunk Phantom Exabeam | - |
Tool Integration - SOAR Solution | Splunk Phantom Cortex XSOAR | Splunk Phantom Cortex XSOAR | Splunk Phantom Cortex XSOAR |
Tool Integration - Firewall | PFsense | - | - |
Tool Integration - Communicating Tools | Mattermost Plivo Twilio Sendgrid Msg91 | - | - |
Console Status | Fully Enabled | - | - |
SSO Enablement | Yes | - | - |
Hub and Spoke | Yes | - | - |
Open API | Yes | - | No |
Users | - | - | 2 |
Administration |
Request a Demo of CTIX Spoke
CTIX Spoke is available today to members of those ISACs/ISAOs that are using CTIX Enterprise. If your ISAC/ISAO is not using CTIX Enterprise, recommend it by Clicking here.
If your ISAC/ISAO has CTIX Enterprise, request a demo here.
Frequently Asked Questions
Who can avail CTIX Spoke?
Only those ISAC/ISAO members can avail CTIX Spoke whose ISAC/ISAO is using CTIX Enterprise. For those, who do not fall in this category, please reach out to us for the CTIX Enterprise and Lite platforms.