Cyber Threat Exchange TAXII API

Use the Cyber Threat Exchange TAXII API to deliver subscribed CTI feeds into standards-based downstream tooling.

Overview

The TAXII 2.1 API is the clearest path for delivering Cyber Threat Exchange feeds into tooling that already speaks CTI standards.

Because feeds map well to collection-based workflows, TAXII is a practical fit for teams that want scheduled pull-based ingestion without inventing a custom transport layer.

Common uses

• Pull subscribed feeds into CTI platforms and internal pipelines.
• Standardise ingestion across multiple structured CTI sources.
• Reduce custom engineering for downstream consumers that already support TAXII.