Cisco Threat Intelligence API
Details
An open-source architecture and API for hosting and providing threat intelligence data to inform XDR investigations.
The Cisco Threat Intelligence API (CTIA) is a REST API designed to facilitate the rapid storage and retrieval of cyber threat intelligence data structed in the Cisco Threat Intelligence Model (CTIM).
To set up your own on-premise threat intelligence API server with a public IP address, follow the instructions on the CTIA project website.
You can then add an integration for your on-premises server by providing the URL and API Key, so your threat intelligence is available within your environment in the current platform.
Capabilities
Health
Validates that the integration is healthy
Deliberate
Provides dispositions for observables
Observe
Provides sightings for an observable
Refer
Provides links to additional resources for an observable
Respond
Provides response actions for an observable
Tiles
Provides tiles for the Cisco XDR dashboard
Regions
North America
Europe
Asia-Pacific, Japan & China
Configuration details
Configuration guide
Configuration options