We use cookies to improve your experience. Do you accept?

Intel Exchange Spoke

Operationalize Threat Intelligence Within a Trusted Sharing Environment

Facilitate operationalization and automated bi-directional sharing of threat intelligence between ISAC/ISAO and its members, offering enterprise-grade features without costly enterprise threat intelligence platforms.

Problems We Solve

For ISAC/ISAO members starting their threat intelligence program, Intel Exchange Spoke offers a quick, easy, and cost-effective solution that reduces overhead for operationalizing threat intelligence.

Limited Resources and Teams

The costs and overhead associated with operationalizing threat intelligence can be prohibitive, particularly for organizations with limited resources.

Inefficient Ingestion and Reporting

ISAC/ISAO members struggle to effectively access, ingest, and report actionable threat intelligence, lacking visibility into threats.

Inability to Automate Actioning

Organizations face challenges in automating actions on scored threat intelligence within their existing security tools, such as SIEM, firewall, etc.

Advanced Threat Intelligence Workflows for ISAC/ISAO Members

Automatically ingest, receive, view threat indicators, as well as take automated action on scored intelligence.

Automated Threat Indicator Ingestion and Sharing

Effortlessly ingest technical threat intelligence from your ISACs/ISAOs and share it back with them.

Review and Manage IOCs

Access a specialized threat intelligence module to receive, view, and automate responses to Indicators of Compromise (IOCs).

Automated Intelligence Feed Actions

Automate responses to scored technical threat intelligence within your security tools, such as SIEM, firewall, IPS, NBAD, and UEBA, using built-in rules or SOAR capabilities.

Automatically ingest, receive, view threat indicators, as well as take automated action on  scored intelligence.

Threat Intelligence Processing and Collaboration Made Easy

Empower ISAC/ISAO members to enhance their threat intelligence operations, ensuring better visibility and seamless integration without overwhelming their existing systems and processes.

Ingest IOCs in STIX 2.1 Format

Convert and standardize threat indicators such as IOCs, TTPs, and other STIX Domain Objects (SDOs) into the latest STIX 2.1 format for seamless action and efficient sharing with the ISAC/ISAO hub.

Bi-directional Threat Intelligence Sharing

Enhance the effectiveness of your threat intelligence operations by sharing relevant intelligence with your ISAC/ISAO through Intel Exchange Spoke, ensuring a collaborative and secure environment.

Seamless Integration with Security Tools

Optimize your threat intelligence capabilities by integrating Intel Exchange Spoke with your existing security infrastructure, allowing your team to act on indicators from the ISAC/ISAO hub within your current security technology stack.

Expand Threat Intelligence Capabilities Over Time

Scale your threat intelligence operations with advanced rules engine, threat investigator, confidence scoring, and other advanced features to meet the evolving needs of your security team and requirements.

Features include

Intel Exchange Spoke Features

Ingest IOCs in STIX 2.1 Format

Convert and standardize threat indicators such as IOCs, TTPs, and other STIX Domain Objects (SDOs) into the latest STIX 2.1 format for seamless action and efficient sharing with the ISAC/ISAO hub.

Bi-directional Threat Intelligence Sharing

Enhance the effectiveness of your threat intelligence operations by sharing relevant intelligence with your ISAC/ISAO through Intel Exchange Spoke, ensuring a collaborative and secure environment.

Seamless Integration with Security Tools

Optimize your threat intelligence capabilities by integrating Intel Exchange Spoke with your existing security infrastructure, allowing your team to act on indicators from the ISAC/ISAO hub within your current security technology stack.

Expand Threat Intelligence Capabilities Over Time

Scale your threat intelligence operations with advanced rules engine, threat investigator, confidence scoring, and other advanced features to meet the evolving needs of your security team and requirements.

Compare Intel Exchange Product Editions

Features/CapabilitiesIntel ExchangeIntel Exchange LiteIntel Exchange Spoke
DashboardOut-of-the-Box Dashboard, Sharing of Dashboard, Feeds ROIOut-of-the-Box Dashboard, Sharing of Dashboard, -Out-of-the-Box Dashboard - Limited set of widgets, -, -
ReportsCustom Reporting CapabilitiesCustom Reporting CapabilitiesCustom Reporting Capabilities Max. 2 reports
Intel CollectionCustomizable to Your Organization's Unique Needs Threat Data - All SDO support (STIX 1.x, 2.0 and 2.1 support) Threat Bulletin - Create & View Unstructured Intel - RSS Unstructured Intel - Threat Mailbox Unstructured Intel - Twitter Module Quick Add Intel, Import Intel Webscraper, Webhooks Manual Intel Ingestion via text, URL, file importUpper limit to 50K Objects / Day Threat Data - All SDO support (STIX 1.x, 2.0 and 2.1 support) Threat Bulletin - View Unstructured Intel - RSS Unstructured Intel - Threat Mailbox - Quick Add Intel, Import Intel Webscraper Manual Intel Ingestion via text, URL, file importUpper limit to 10k Objects / Day Threat Data - All SDO support (STIX 2.1 support for ingestion) - - Threat Mailbox (1 mail account only) - Quick Add Intel, Import Intel - Manual Intel Ingestion via text, URL, file import
Inbox CapabilitiesCustomizable to Your Organization's Unique NeedsSharing is allowed to any 3 TAXII Feed ProvidersSharing is allowed to any 1 TAXII Feed Providers
Indicators Allowed (Allowlist)AllAll-
Intel ScoringConfidence Score EngineConfidence Score Engine-
Rules EngineBuild your own rule - UnlimitedBuild your own rule - Max of 10 active rulesBuild your own rule - Max of 2 active rules
Attack NavigatorFull VersionFull Version-
Threat InvestigationFull Version--
Dissemination - Detailed SubmissionCustomizable to Your Organization's Unique NeedsInbox to any 3 TAXI feed providersInbox to any 1 TAXI feed provider
Analyst WorkbenchFang-Defang STIX Conversion Encode-Decode 64 CVSS Calculator Network Utilities--
Global TasksCreate and Action tasks--
My OrgIndicators Allowed WatchlistIndicators Allowed Watchlist-
AuthenticationUsername/Password LDAP 2 FA enabled - Email/TOTPUsername/Password - 2 FA enabled - Email/TOTPUsername/Password - 2 FA enabled - TOTP
Feed IntegrationsAllAllAll
STIX and ISAC IntegrationAllAllMaximum 5 STIX/ISAC sources
Feed EnrichmentAllAll-
Tool Integration - SIEMAllAllAll
Tool Integration - SOAR SolutionAllAllAll
Tool Integration - Network SecurityAllAllAll
Tool Integration - Endpoint Detection ResponseAllAllAll
Console StatusFully Enabled--
SSO EnablementYes--
Hub and SpokeYes--
Open APIYesYesAvailable in Select Configurations Only
Users--2
AdministrationUser Management License Management Custom Entities Management Audit Log Management Tag Management Subscribers ConfigurationAudit Log Management Tag Management User Management License Management Configuration (without Custom Score)User Management Configuration (without Custom Score)

FAQ

Any Questions?