Introduction

Seqrite Threat Intelligence is a real-time threat intelligence solution that aggregates intel from various sources, including QuickHeal's rich telemetry. This intel is further processed and disseminated through the Seqrite Threat Intel Portal. It provides actionable insights tailored to industries such as BFSI while ensuring compliance with regulatory requirements. Seqrite Threat Intelligence 1.0 provides automated streams of useful threat information that enterprises can ingest into their security tools to block threats or derive helpful insights. This information includes traditional indicators of compromise (IoCs) such as malicious domains, URLs, IP addresses, malware hashes, and more. Threat information is packaged in STIX format and delivered to customers via the TAXII server.

Seqrite Threat Intelligence is powered by the Seqrite Labs process and detects millions of threats every day. The following page details how you can obtain Cyber Threat Intelligence (CTI) using Trusted Automated Exchange of Intelligence Information (TAXII) services.

What is STIX?

  • Structured Threat Information eXpression (STIX) is a standardized language for exchanging Cyber Threat Intelligence (CTI). A STIX feed expresses intelligence as objects, including Indicator objects (for example, a pattern that matches a malicious domain or a file hash), Malware objects, and Relationship objects. A Relationship object links two other objects: an "indicates" relationship, for instance, connects an Indicator to the Malware it indicates.
  • STIX 2 serializes these objects as JSON, so a feed conveys CTI in a form that tools can parse without custom adapters. It is the common language that both client and server use, so a consumer can process intelligence from any STIX-speaking provider with the same code.
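The following is an added example, not code from the original page or from Seqrite: it parses a small, constructed STIX 2.1 bundle containing two Indicator objects, one Malware object and the Relationship objects that link them, then follows the "indicates" relationships to list the IoC values (domain, file hash, IP address) attributed to each malware family. The bundle, its identifiers and the hostnames are made up; the code uses only the Python standard library.

```python
import json
import re

# Constructed sample STIX 2.1 bundle, not a real Seqrite feed. IDs are made up but
# use the "type--UUID" form the spec requires; the hash is the SHA-256 of empty input.
_TS = "2024-01-01T00:00:00.000Z"
IND_DOMAIN = "indicator--8e2e2d2b-17d4-4cbf-938f-98ee46b3cd3f"
IND_FILE = "indicator--2c6d5c5a-9b6a-4f2e-8d4e-0f6f7c4a9a11"
MAL_LOADER = "malware--1b7c3a2e-6f4d-4e8a-9c2b-3d5e7f9a1b2c"
MAL_MISSING = "malware--ffffffff-0000-4000-8000-000000000000"  # deliberately absent from the bundle
EMPTY_SHA256 = "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"

SAMPLE_BUNDLE_JSON = json.dumps({
    "type": "bundle",
    "id": "bundle--5d0092c5-5f74-4287-9642-33f4c354e56d",
    "objects": [
        {"type": "indicator", "spec_version": "2.1", "id": IND_DOMAIN,
         "created": _TS, "modified": _TS, "name": "Constructed C2 domain",
         "pattern": "[domain-name:value = 'c2.example.invalid']",
         "pattern_type": "stix", "valid_from": _TS},
        {"type": "indicator", "spec_version": "2.1", "id": IND_FILE,
         "created": _TS, "modified": _TS, "name": "Constructed dropper hash and IP",
         "pattern": "[file:hashes.'SHA-256' = '%s' OR ipv4-addr:value = '203.0.113.10']"
                    % EMPTY_SHA256,
         "pattern_type": "stix", "valid_from": _TS},
        {"type": "malware", "spec_version": "2.1", "id": MAL_LOADER,
         "created": _TS, "modified": _TS, "name": "ExampleLoader", "is_family": True},
        # Relationship objects: source_ref --indicates--> target_ref
        {"type": "relationship", "spec_version": "2.1",
         "id": "relationship--0a1b2c3d-4e5f-4a6b-8c7d-9e0f1a2b3c4d", "created": _TS,
         "modified": _TS, "relationship_type": "indicates",
         "source_ref": IND_DOMAIN, "target_ref": MAL_LOADER},
        {"type": "relationship", "spec_version": "2.1",
         "id": "relationship--1b2c3d4e-5f6a-4b7c-8d9e-0f1a2b3c4d5e", "created": _TS,
         "modified": _TS, "relationship_type": "indicates",
         "source_ref": IND_FILE, "target_ref": MAL_LOADER},
        # Dangling reference: feeds are paged, so a target may arrive in a later page
        {"type": "relationship", "spec_version": "2.1",
         "id": "relationship--2c3d4e5f-6a7b-4c8d-9e0f-1a2b3c4d5e6f", "created": _TS,
         "modified": _TS, "relationship_type": "indicates",
         "source_ref": IND_DOMAIN, "target_ref": MAL_MISSING},
    ],
})

# One "object-path = 'value'" comparison inside a STIX pattern, e.g.
# domain-name:value = 'c2.example.invalid' or file:hashes.'SHA-256' = '...'.
# Only equality comparisons are extracted; MATCHES, LIKE and other operators are ignored.
_COMPARISON = re.compile(r"([a-z0-9-]+:[^\s=]+)\s*=\s*'((?:[^'\\]|\\.)*)'")


def load_bundle(text):
    """Parse a STIX bundle and index its objects by id; reject anything that is not a bundle."""
    bundle = json.loads(text)
    if bundle.get("type") != "bundle" or not isinstance(bundle.get("objects"), list):
        raise ValueError("not a STIX bundle")
    return {obj["id"]: obj for obj in bundle["objects"] if "id" in obj}


def extract_observables(pattern):
    """Return (object_path, value) pairs for every equality comparison in a STIX pattern."""
    return _COMPARISON.findall(pattern)


def iocs_by_malware(objects):
    """Follow 'indicates' relationships and group each indicator's IoC values by malware name."""
    result = {}
    for obj in objects.values():
        if obj.get("type") != "relationship" or obj.get("relationship_type") != "indicates":
            continue
        indicator = objects.get(obj.get("source_ref"))
        malware = objects.get(obj.get("target_ref"))
        # Skip relationships whose ends are missing or of the wrong type instead of
        # crashing: one feed page can reference objects delivered in another page.
        if indicator is None or malware is None:
            continue
        if indicator.get("type") != "indicator" or malware.get("type") != "malware":
            continue
        values = [value for _, value in extract_observables(indicator.get("pattern", ""))]
        result.setdefault(malware["name"], []).extend(values)
    return result


if __name__ == "__main__":
    for name, iocs in iocs_by_malware(load_bundle(SAMPLE_BUNDLE_JSON)).items():
        print(name, "->", ", ".join(iocs))
```

The regex deliberately extracts only simple equality comparisons, which is what blocklist-style IoCs (domains, URLs, IPs, hashes) use; a full STIX pattern grammar also covers MATCHES, LIKE, set membership and temporal qualifiers, and a production consumer should use a real pattern parser for those. The dangling-reference check matters in practice because a TAXII feed is delivered in pages and a Relationship can reference an object that has not been fetched yet.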

What is TAXII?

  • Trusted Automated Exchange of Intelligence Information (TAXII) is an application-layer protocol for exchanging CTI over HTTPS.
  • TAXII enables providers such as Seqrite to share CTI with consumers by defining an HTTP API that aligns with common sharing models.
  • TAXII is specifically designed to support the exchange of CTI represented in STIX format.
  • Integrating TAXII with security controls such as SIEM, SOAR and TIP platforms lets organizations automate the sharing and consumption of threat intelligence, improving their ability to detect, analyze and respond to cyber threats.

The TAXII and STIX Relationship

  • STIX and TAXII are open standards maintained by the OASIS Cyber Threat Intelligence (CTI) Technical Committee for the prevention and mitigation of cyber-attacks. STIX describes the threat intelligence itself; TAXII is the vehicle for exchanging it.
  • Because TAXII is only the transport for CTI represented in STIX, you can use TAXII services to share threat information in a secure and automated manner without changing how the intelligence is expressed.

Relationship between Feeds and Collections

  • As mentioned, STIX carries CTI data in JSON format. A Feed is the stream of STIX objects a client obtains, and its contents come from Collections.
  • A TAXII Collection is an interface to a repository of CTI objects hosted by a TAXII Server. TAXII Clients request objects from a Collection, optionally filtered (for example, by when they were added) and delivered in pages.
  • It is common to say "Feed" when referring to STIX CTI data, with the understanding that a Feed is the information drawn from a Collection of CTI objects.
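The exchange described in the TAXII and Collections sections above, as an added example that is not part of the original page or of Seqrite's client tooling: a minimal TAXII 2.1 client that walks the discovery endpoint to an API root, lists the Collections the account is allowed to read, and pages through a Collection's objects using the added_after filter and the server's next cursor. The server, its hostname, API root, collection ids and object ids are constructed stand-ins (a dictionary keyed by URL); in real use, fake_get would be replaced by a function that calls requests.get with the same headers and checks the HTTP status. The credentials scheme (HTTP Basic) is the one every TAXII 2.1 server must support; the page does not state which scheme Seqrite's server uses.

```python
import base64
from urllib.parse import urlencode

# TAXII 2.1 requires this media type in Accept; conforming servers answer 406 without it.
TAXII_MEDIA_TYPE = "application/taxii+json;version=2.1"

# Constructed TAXII 2.1 responses keyed by URL. Hostname, API root, collection ids
# and object ids are made up for this example.
_DISCOVERY = "https://taxii.example.invalid/taxii2/"
_API_ROOT = "https://taxii.example.invalid/api1/"
_OBJECTS = _API_ROOT + "collections/ioc-domains/objects/"
_SINCE = "2024-01-01T00:00:00Z"
_SERVER = {
    _DISCOVERY: {"title": "Constructed TAXII server", "api_roots": [_API_ROOT]},
    _API_ROOT + "collections/": {"collections": [
        {"id": "ioc-domains", "title": "Malicious domains", "can_read": True, "can_write": False},
        {"id": "internal", "title": "Not readable with these credentials",
         "can_read": False, "can_write": False},
    ]},
    # Two pages: the first envelope says more=true and carries the "next" cursor.
    _OBJECTS + "?" + urlencode({"added_after": _SINCE}): {
        "more": True, "next": "page-2",
        "objects": [{"type": "indicator", "id": "indicator--aaaaaaaa-0000-4000-8000-000000000001"}]},
    _OBJECTS + "?" + urlencode({"added_after": _SINCE, "next": "page-2"}): {
        "more": False,
        "objects": [{"type": "indicator", "id": "indicator--aaaaaaaa-0000-4000-8000-000000000002"}]},
}


def fake_get(url, headers):
    """Stand-in transport: real code would use requests.get(url, headers=headers) and check status."""
    if headers.get("Accept") != TAXII_MEDIA_TYPE:
        raise RuntimeError("406 Not Acceptable: missing TAXII Accept header")
    if url not in _SERVER:
        raise RuntimeError("404 Not Found: " + url)
    return _SERVER[url]


class TaxiiClient:
    def __init__(self, get, discovery_url, username, password):
        if not discovery_url.startswith("https://"):
            raise ValueError("TAXII 2.1 requires HTTPS; refusing to send credentials in clear text")
        self._get_raw = get
        self.discovery_url = discovery_url
        token = base64.b64encode(f"{username}:{password}".encode()).decode()
        # HTTP Basic is the scheme every TAXII 2.1 server must support; others may be offered.
        self._headers = {"Accept": TAXII_MEDIA_TYPE, "Authorization": "Basic " + token}

    def _get(self, url, params=None):
        if params:
            url = url + "?" + urlencode(params)
        return self._get_raw(url, self._headers)

    def api_roots(self):
        return self._get(self.discovery_url)["api_roots"]

    def readable_collections(self, api_root):
        """Collections this account may read; can_read is per account, so always filter on it."""
        return [c for c in self._get(api_root + "collections/")["collections"] if c.get("can_read")]

    def iter_objects(self, api_root, collection_id, added_after):
        """Yield every object added after the timestamp, following next cursors until more is false."""
        url = f"{api_root}collections/{collection_id}/objects/"
        params = {"added_after": added_after}
        while True:
            envelope = self._get(url, params)
            yield from envelope.get("objects", [])
            if not envelope.get("more"):
                return
            params["next"] = envelope["next"]  # hand the server's cursor back on the next request


def pull_all(client, added_after):
    """Walk discovery -> API roots -> readable Collections -> objects; ids keyed by collection."""
    pulled = {}
    for root in client.api_roots():
        for coll in client.readable_collections(root):
            pulled[coll["id"]] = [o["id"] for o in client.iter_objects(root, coll["id"], added_after)]
    return pulled


if __name__ == "__main__":
    client = TaxiiClient(fake_get, _DISCOVERY, "analyst", "secret")
    for coll_id, ids in pull_all(client, _SINCE).items():
        print(coll_id, "->", len(ids), "objects")
```

For an incremental pull, persist the timestamp of the last successful run and pass it as added_after on the next one; the objects returned are the STIX objects themselves (the Feed), so the output of iter_objects can be handed straight to a STIX parser or pushed into a SIEM or TIP.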