Home
Threat Intelligence
Configuration
Details on how to configure Threat Intelligence.
Threat Intelligence Feed
Introduction
TAXII overview
TAXII standardizes the exchange of cyber threat intelligence (CTI) over the internet, enabling organizations to share security threat information more efficiently and effectively. This improves threat detection, analysis, and response.

Threat Intelligence
- Introduction
  An overview of Threat Intelligence.
- Requirements
  A description of the requirements that are necessary to install and use Threat Intelligence.
- Configuration
  Details on how to configure Threat Intelligence.
  - Configure a Threat Intelligence license
    Before you can use the Threat Intelligence, you must install a license.
  - Enable automatic updates
    If you are connected to Vantage, or a Central Management Console (CMC), you can enable automatic Threat Intelligence updates.
  - Configure manual updates
    If your sensor, or Central Management Console (CMC), is not connected to the internet, you can update Threat Intelligence manually.
  - Sensor-level contents management
    By default, Threat Intelligence contents can only be managed on the top-level sensor. However, this policy can be customized to allow any sensor in the solution to add, edit, enable or disable individual contents.
  - Manage contents at sensor level
    You can change the status of the Enable local contents toggle to change how the Threat Intelligence contents are managed.
  - Threat Intelligence Feed
    - Introduction
      - TAXII overview
        TAXII standardizes the exchange of cyber threat intelligence (CTI) over the internet, enabling organizations to share security threat information more efficiently and effectively. This improves threat detection, analysis, and response.
    - Requirements
    - Configuration
    - Troubleshooting
- Maintenance
  Information on how to maintain Threat Intelligence.
- Print format documentation
  A list of all the print-format documentation that is available for Threat Intelligence.

TAXII overview

TAXII standardizes the exchange of cyber threat intelligence (CTI) over the internet, enabling organizations to share security threat information more efficiently and effectively. This improves threat detection, analysis, and response.

Trusted Automated Exchange of Indicator Information (TAXII) is a protocol used for the exchange of cyber threat intelligence (CTI) over the internet. TAXII is designed to support the distribution of CTI using a standardized methodology, enabling organizations to share information about security threats more efficiently and effectively.

TAXII is often used in conjunction with Structured Threat Information Expression (STIX), which is a language and serialization format used to exchange CTI. STIX enables organizations to convey the full range of potential threat information, from high-level attack patterns and technical indicators to detailed threat actor profiles and the tactics, techniques, and procedures (TTPs) that they use.

Together, TAXII and STIX facilitate the automated exchange, processing, and analysis of cyber threat information among various parties, including private sector organizations, government agencies, and other entities involved in cybersecurity defense. This leverages shared knowledge about existing and emerging threats to help improve the speed and accuracy of threat detection, analysis, and response.