CTIX Features
Cyware Threat Intelligence eXchange
Automated Threat Intel Collection
Ingest tactical and technical threat intel including indicators of compromise (IOCs), tactics, techniques, and procedures (TTPs), exploit alerts, etc., from multiple internal and external sources.
Micro Threat Intel Ingestion
Automate ingestion and analysis of Micro Intel feeds including TTPs, indicators of compromise (IOCs), exploit alert sharing, threat intel enrichment, exploitability mapping, kill chain mapping, ATT&CK mapping, etc.
Internal Intel Ingestion
Automatically ingest tactical threat intel from security tools deployed within your organization’s network including SIEMs, UEBA, Antivirus, IDS/IPS, etc.
External Intel Ingestion
Collect tactical and technical intel from multiple external sources including threat intel providers, regulatory bodies, peer organizations, ISACs, dark web, partner organizations, and subsidiaries.
Source and Collection Management
Manage all sources and collections through a single-window dashboard with customized polling and frequency management capabilities.
Hub & Spoke Sharing Model
Collect, manage, and share intelligence with partners, vendors, clients, regulatory bodies, ISACs/ISAOs, etc. in a highly collaborative ecosystem.
Correlation, Enrichment & Analysis
Automate correlation, enrichment, and analysis phases of the threat intelligence lifecycle with advanced integration with trusted threat databases and built-in AI-enabled technologies.
Enrichment, Correlation, and Analysis
Enrich threat data from VirusTotal, Whois, NVD, etc., performing real-time correlation, deduplication, and analysis, along with noise removal through graduated indicator deprecation.
Any-to-Any Threat Feed Orchestration
Collect and normalize structured and unstructured threat data from a plethora of formats including STIX 1.x / 2.0, MISP, MAEC, XML, CSV, YARA, OpenIOC, JSON, PDF, CybOX, email, etc.
Automated Intel Validation and Score Revision
Validate threat intelligence in an automated manner cross-correlating with threat sightings by your peers, affiliates, and subsidiaries.
Deduplication
Employ the power of artificial intelligence and machine learning for quick and efficient correlation of threat indicators, as well as the removal of duplicate IOCs.
Machine Learning-based Analysis
Automatically poll data sources and push analyzed data to other platforms, establishing a relationship between various attributes received in intel from previous incidents.
Indicator Deprecation
Reduce noise and foster actionable threat intelligence by flushing out dormant and inactive threat indicators.
Advanced Rule Engine
Automate mundane actions, speed up triage management, and enable analysts to focus on relevant tasks.
Intel Dissemination & Actioning
Automate intel-driven response workflows within your organization and share precise, relevant, and actionable intelligence with the internal security teams and external partners.
Automated Intel Dissemination to Internal Teams
Deliver enriched intelligence to multiple internal teams such as SOC, incident response, threat hunting, red team, VAPT, steering community, etc. for quick analysis and actioning.
Automated Intel Dissemination to External Entities
Build a cyber secure ecosystem through enhanced collaboration with external entities, such as ISACs, peers, subsidiaries, third-party vendors, etc. through cross-sharing of enriched intel.
Automated Intel Actioning
Automate blocking of malicious indicators in firewalls deployed in your organization based on IOC fidelity and customized rules.
TLP: RED Auto Deletion
Equip users with Red TLP Auto Deletion to efficiently manage and secure the confidentiality of top secret/classified information by triggering automatic deletion.
Direct Two-way Sharing with the DHS AIS
Leverage secure certificate authentication to equip your threat response team with real-time, updated, and accurate threat intel information using direct two-way sharing of threat data with the US Department of Homeland Security (DHS) Automated Indicator Sharing (AIS).
Rule-Based Advanced Alerting and Notifications
Reduce mean time to detection and resolution through real-time notifications and multilevel alerting via emails, SMS, and calls.
Advanced Analyst Workbench
Improve analysts’ maturity and interoperability with features like threat board, geo-tagging, multi-level intel view, IP and domain lookup, etc.
MITRE ATT&CK™ Navigator
Visualize threat actor tactics and techniques to identify trends across the cyber kill chain in the post-exploitation phase and relate them to reported intel.
Threat Board
Search object types, indicator types, and hidden cross-links between different attributes extracted from disparate threat intel feeds.
STIX 1.X to STIX 2.0 Conversion
Ensure advanced threat data interoperability with smooth conversion of STIX 1.x (XML) to STIX 2.0 (JSON).
Geo-Tagging
Map and analyze threat intel automatically ingested from disparate sources to identify geographical trends for your different business units.
Analyst Watchlist
Monitor relevant threats by setting triggers for your organization, brand, or industry-related keywords in intelligence feeds.
Fang/Defang
IP & Domain Lookup
Integrate with services like WHOIS, VirusTotal, Shodan, Moz, and GeoIP to empower your analysts in accessing data collected from premium sources with a single click.
Centralized Governance & Management
Direct, control, and manage intel-driven operations in your organization with a centralized dashboard and multi-level intel view features.
- Multi-level Intel View
- Centralized Threat Dashboard