What is Cyber Threat Exchange?
Learn how Cyber Threat Exchange helps researchers publish structured CTI feeds and helps defenders subscribe to specialist intelligence in STIX 2.1.
Overview
Cyber Threat Exchange is a marketplace for cyber threat intelligence built around specialist feeds rather than one undifferentiated stream.
Researchers can publish structured intelligence, and defenders can subscribe only to the feeds that fit their requirements. The goal is to reduce the friction between good research, structured delivery, and operational use.
Why it exists
Strong CTI often gets trapped inside blog posts, PDFs, screenshots, and one-off exports. Those formats are readable, but they are much harder to query, enrich, correlate, and automate against.
Cyber Threat Exchange is designed to keep CTI structured from producer to consumer so that the same intelligence remains useful in the UI, in downstream tooling, and in automation workflows.
Core model
- Intelligence is published and delivered as STIX 2.1.
- Feeds can be focused on specific threats, sectors, malware families, campaigns, or researcher specialties.
- Consumers subscribe feed by feed instead of accepting one generic source.
- Structured delivery makes the data easier to traverse, enrich, and operationalise.
Publishing and consumption
Researchers can publish directly into a feed using the API, and teams with existing CTI tooling can use standards-based workflows to move intelligence into the exchange.
Consumers can then explore feeds in the web interface, subscribe to the researchers that matter most to them, and move that intelligence onward through TAXII and API-driven integrations.
