CTIX Features

Cyware Threat Intelligence eXchange

Automated Threat Intel Collection

Ingest tactical and technical threat intel including indicators of compromise (IOCs), tactics, techniques, and procedures (TTPs), exploit alerts, etc., from multiple internal and external sources.


Micro Threat Intel Ingestion

Automate ingestion and analysis of Micro Intel feeds including TTPs, indicators of compromise (IOCs), exploit alert sharing, threat intel enrichment, exploitability mapping, kill chain mapping, ATT&CK mapping, etc.

Internal Intel Ingestion

Automatically ingest tactical threat intel from security tools deployed within your organization’s network including SIEMs, UEBA, Antivirus, IDS/IPS, etc.

External Intel Ingestion

Collect tactical and technical intel from multiple external sources including threat intel providers, regulatory bodies, peer organizations, ISACs, dark web, partner organizations, and subsidiaries.

Source and Collection Management

Manage all sources and collections through a single-window dashboard with customized polling and frequency management capabilities.

Hub & Spoke Sharing Model

Collect, manage, and share intelligence with partners, vendors, clients, regulatory bodies, ISACs/ISAOs, etc. in a highly collaborative ecosystem.

Correlation, Enrichment & Analysis

Automate correlation, enrichment, and analysis phases of the threat intelligence lifecycle with advanced integration with trusted threat databases and built-in AI-enabled technologies.


Enrichment, Correlation, and Analysis

Enrich threat data from VirusTotal, Whois, NVD, etc., performing real-time correlation, deduplication, and analysis, along with noise removal through graduated indicator deprecation.

Any-to-Any Threat Feed Orchestration

Collect and normalize structured and unstructured threat data from a plethora of formats including STIX 1.x / 2.0, MISP, MAEC, XML, CSV, YARA, OpenIOC, JSON, PDF, CybOX, Email, etc.

Automated Intel Validation and Score Revision

Validate threat intelligence in an automated manner cross-correlating with threat sightings by your peers, affiliates, and subsidiaries.

Deduplication

Employ the power of artificial intelligence and machine learning for quick and efficient correlation of threat indicators, as well as the removal of duplicate IOCs.

Machine Learning-based Analysis

Automatically poll data sources and push analyzed data to other platforms, establishing a relationship between various attributes received in intel from previous incidents.

Indicator Deprecation

Reduce noise and foster actionable threat intelligence by flushing out dormant and inactive threat indicators.

Advanced Rule Engine

Automate mundane actions, speed up triage management, and enable analysts to focus on relevant tasks.

Intel Dissemination & Actioning

Automate intel-driven response workflows within your organization and share precise, relevant, and actionable intelligence with the internal security teams and external partners.


Automated Intel Dissemination to Internal Teams

Deliver enriched intelligence to multiple internal teams such as SOC, incident response, threat hunting, red team, VAPT, steering community, etc. for quick analysis and actioning.

Automated Intel Dissemination to External Entities

Build a cyber secure ecosystem through enhanced collaboration with external entities, such as ISACs, peers, subsidiaries, third-party vendors, etc. through cross-sharing of enriched intel.

Automated Intel Actioning

Automate blocking of malicious indicators in firewalls deployed in your organization based on IOC fidelity and customized rules.

TLP: RED Auto Deletion

Equip users with Red TLP Auto Deletion to efficiently manage and secure the confidentiality of top secret/classified information by triggering automatic deletion.

Direct Two-way Sharing with the DHS AIS

Leverage secure certificate authentication to equip your threat response team with real-time, updated, and accurate threat intel information using direct two-way sharing of threat data with the US Department of Homeland Security (DHS) Automated Indicator Sharing (AIS).

Rule-Based Advanced Alerting and Notifications

Reduce mean time to detection and resolution through real-time notifications and multilevel alerting via emails, SMS, and calls.

Advanced Analyst Workbench

Improve analysts’ maturity and interoperability with features like threat board, geo-tagging, multi-level intel view, IP and domain lookup, etc.


MITRE ATT&CKᵀᴹ Navigator

Visualize threat actor tactics and techniques to identify trends across the cyber kill chain in the post-exploitation phase and relate them to reported intel.

Threat Board

Search object types, indicator types, and hidden cross-links between different attributes extracted from disparate threat intel feeds.

STIX 1.X to STIX 2.0 Conversion

Ensure advanced threat data interoperability with smooth conversion of STIX 1.x (XML) to STIX 2.0 (JSON).

Geo-Tagging

Map and analyze threat intel automatically ingested from disparate sources to identify geographical trends for your different business units.

Analyst Watchlist

Monitor relevant threats by setting triggers for your organization, brand, or industry-related keywords in intelligence feeds.

Fang/Defang

Monitor relevant threats by setting triggers for your organization, brand, or industry-related keywords in intelligence feeds.

IP & Domain Lookup

Integrate with services like WHOIS, VirusTotal, Shodan, Moz, and GeoIP to empower your analysts in accessing data collected from premium sources with a single click.

Centralized Governance & Management

Direct, control, and manage intel-driven operations in your organization with a centralized dashboard and multi-level intel view features.

  • Multi-level Intel View
  • Centralized Threat Dashboard
