Intel Exchange Spoke is a cost-effective solution designed to help ISAC/ISAO members establish or enhance their threat intelligence programs. It addresses common challenges faced by organizations with limited resources, such as the prohibitive costs of operationalizing threat intelligence, inefficient ingestion and reporting of actionable intelligence, and the inability to automate actions on scored threat intelligence within existing security tools. The platform facilitates the effortless ingestion of technical threat intelligence from ISACs/ISAOs and enables sharing back with them, ensuring a collaborative and secure environment. It empowers security teams to automatically ingest, receive, view, and take automated action on scored intelligence, providing better visibility into threats without overwhelming existing systems. Intel Exchange Spoke supports the conversion and standardization of threat indicators, including IOCs, TTPs, and other STIX Domain Objects (SDOs), into the latest STIX 2.1 format for seamless action and efficient sharing. The solution is designed for seamless integration with a wide range of security tools, allowing teams to act on indicators directly within their current security technology stack. It also offers capabilities to scale threat intelligence operations over time, adapting to evolving security needs.

Features & Benefits

• Automated Threat Intelligence Ingestion
  • Effortlessly ingest technical threat intelligence from ISACs/ISAOs, supporting the conversion and standardization of IOCs, TTPs, and other STIX Domain Objects into STIX 2.1 format.
  • Upper limit to 10k Objects / Day
  • Supports STIX 2.1 for ingestion
  • Threat Mailbox (1 mail account only)
  • Quick Add Intel, Import Intel
  • Manual Intel Ingestion via text, URL, file import
• Bi-directional Threat Intelligence Sharing
  • Enhance the effectiveness of threat intelligence operations by sharing relevant intelligence with your ISAC/ISAO, fostering a collaborative and secure environment.
  • Sharing allowed to any 1 TAXII Feed Provider
  • Maximum 5 STIX/ISAC sources
• Seamless Security Tool Integration
  • Optimize threat intelligence capabilities by integrating with existing security infrastructure, allowing teams to act on indicators from the ISAC/ISAO hub within their current security technology stack.
  • Integrates with SIEM, SOAR Solution, Network Security, Endpoint Detection Response tools
• Actionable Intelligence & Automation
  • Access a specialized threat intelligence module to receive, view, and automate responses to Indicators of Compromise (IOCs) and scored technical threat intelligence within security tools.
  • Automate responses using built-in rules or SOAR capabilities
  • Build your own rule (Max of 2 active rules)
• Reporting & Dashboard
  • Provides an out-of-the-box dashboard with a limited set of widgets and custom reporting capabilities.
  • Maximum 2 reports
• User & Access Management
  • Manages user access and provides authentication options for the platform.
  • Supports 2 users
  • Username/Password authentication
  • TOTP 2FA enabled