Cyware Threat Intelligence eXchange

A smart, client-server threat intelligence platform (TIP) for ingestion, enrichment, analysis, and bi-directional sharing of threat data within your trusted network.

Cyware Threat Intelligence eXchange


  • Multi-Source, Format-Agnostic Threat Intel Ingestion

  • Machine-Powered Enrichment, Correlation & Analysis

  • Complete Threat Intel Lifecycle Automation

  • Integrated Governance & Collaboration

  • STIX/TAXII-based Bidirectional Sharing & Collaboration

  • Machine-to-Machine Dissemination & Actioning

ctix Features

Enable end-to-end tactical and technical threat intelligence automation with advanced analysis and bi-directional sharing within your trusted network.

Cyber Threat Intelligence

Any-to-Any Threat Feed Orchestration

Collect and normalize, structured and unstructured threat data, from a plethora of formats including STIX 1.x / 2.0, MISP, MAEC, XML, CSV, YARA, OpenIOC, JSON, PDF, Cybox, Email, etc.


STIX 1.X to STIX 2.0 Conversion

Ensure advanced threat data interoperability with smooth conversion of STIX 1.x (XML) to STIX 2.0 (JSON).


Micro Threat Intel Ingestion

Automate ingestion and analysis of Micro Intel feeds including TTPs, indicators of compromise (IOCs), exploit alert sharing, threat intel enrichment, exploitability mapping, kill chain mapping, ATT&CK mapping, etc.


Hub & Spoke Sharing Model

Collect, manage, and share intelligence with partners, vendors, clients, regulatory bodies, ISACs/ISAOs, etc. in a highly collaborative ecosystem.

Cyber Threat Intelligence

MITRE ATT&CKᵀᴹ Navigator

Visualize threat actor tactics and techniques to identify trends across the cyber kill chain in the post-exploitation phase and relate them to reported intel.


Enrichment, Correlation, and Analysis

Enrich threat data from VirusTotal, Whois, NVD, etc., performing real-time correlation, deduplication, and analysis, along with noise removal through graduated indicator deprecation.

Cyber Threat Intelligence

Internal Intel Ingestion

Automatically ingest tactical threat intel from security tools deployed within your organization’s network including SIEMs, UEBA, Antivirus, IDS/IPS, etc.

CTIX - Cyware Threat Intelligence eXchange

Automated Intel Actioning

Automate blocking of malicious indicators in Firewalls deployed in your organization on the basis of the IOC score and customized rules.

CTIX - Cyware Threat Intelligence eXchange

Multi-level Intel View

Create a specialized intelligence view for different roles within your organization including analysts, SOC, incident response teams, steering committees, and CISO.

Frequently Asked Questions

Cyware threat intelligence eXchange (CTIX) is an advanced threat intel platform (TIP) with a number of unmatched features. First, CTIX has been built using a hub-and-spoke architecture. The unique advantage of this model is the ability for an organization to efficiently disseminate and consume threat intelligence in a bi-directional manner.. Traditional TIPs are focused more on one-to-one unidirectional threat intel sharing mechanisms, thereby rendering them incapable of sharing or receiving threat intel with/from multiple peers, TI providers, ISAC members, regulators, partner organizations and subsidiary companies. Second, traditional TIPs only allow for sharing of indicators of compromise (IOCs) whereas CTIX goes a step further to allow analysis and sharing of not only IOCs but also Tactics, Techniques, and Procedures (TTPs), Threat Actors, Course of Actions, Incidents, etc.. CTIX integrates Mitre’s ATT&CKᵀᴹ Navigator utilizing a heatmap overlay for detailed threat analysis and investigations. Third, CTIX comes with advanced orchestration features enablinging automated updating of threat data in internal security tools like IDS/IPS, SIEM, AV Solutions, and sandboxes. CTIX can be used to orchestrate reports from these tools and automatically share them with peer organizations, subsidiaries, third-parties, vendors, ISAC members, etc. Lastly, CTIX is a format-agnostic TIP allowing for collection/ingestion, analysis, and sharing of threat data in multiple formats, unlike traditional TIPs which are handicapped by only being able to handle a small set of selected formats.

Become a Cyware Partner!

Boost your sales and service offerings with our advanced enterprise-grade solutions

Cyware Channel Partners

Cyware Technology Integrations

Enhance your security solutions with added capabilities and complex use-cases through seamless technology integrations with Cyware platforms.

Cyware Tool Integration